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DEADLOCK-FREE SHARING OF RESOURCES 


IN ASYNCHRONOUS SYSTEMS* 
Abstract 


Whenever resources are shared among several activities that hoard 
resources, the activities can attain a state of deadlock in which, for 
lack of resources, none of the activities can proceed. Deadlocks can 
be prevented by coordination of the sharing. Efficient running of the 
activities under such coordination requires knowledge of the patterns 
of use of resources by the activities. 


This thesis presents a study of deadlock prevention in systems in 
which a knowledge of the usage of resources by the activities during 
several phases of steady resource usage is available. A representation 
called a demand graph is presented and used for the study of deadlocks. 
The model is a general one and encompasses systems in which the activi- 
ties themselves consist of more than one sequence of phases and are not 
necessarily independent of each other. The analysis is applicable to 
computer systems as well as systems in the realm of operations research. 


*This report reproduces a thesis os the same title submitted to the 
Department of Electrical Engineering, Massachusetts Institute of 
Technology, in partial fulfillment of the requirements for the degree 
of Doctor of Science, September 1970. 
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$1.1 Deadlocks 


As this thesis deals with deadlocks and their prevention, it is 
necessary for the reader to appreciate the nature of deadlocks. Three 
examples are presented below, with the aim of introducing the concept 
of deadlock to the reader. 

The first example concerns a canal with locks and two drawbridges 
on it. The drawbridges lie on a road, as shown in Figure 1.1, which has 
been laid so as to avoid a marsh and crosses the canal twice. Both the 
canal and the road carry traffic in one direction only. The principal 
traffic on the canal consists of barges. As a barge approaches Bridge A, 
a warning is sounded when the barge is 100 metres from the bridge and, 
when the bridge is free of cars, it is drawn. The bridge stays drawn 
until the tail end of the barge has passed the bridge. A similar disci- 
pline is followed for Bridge B. 

The system works very well until a rather long barge comes in on 
a day when traffic is heavy. Then it can happen that Bridge A is 
drawn and a queue of cars begins to build up that extends well past 
Bridge B. Then the barge reaches Bridge B while its tail end is still 
under Bridge A. But Bridge B cannot be drawn because there are cars on 
it! The cars on Bridge B cannot move ahead until Bridge A is lowered and 
that cannot be done until the barge has moved ahead, which in turn cannot 
be done until the cars on Bridge B move on! A deadlock has thus occurred 
because neither the cars nor the barge can back up. The deadlock will 


persist indefinitely. 
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Figure 1.1 
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The deadlock above occurred because of improper planning of the use 
of the bridges by cars and barges. If the warning for Bridge B had been 
issued at the same time that it was issued for Bridge A, the deadlock 
would not have occurred. This is not just a matter of hindsight; rather, 
it indicates that deadlocks cannot be prevented without a priori know- 
ledge of the use of shared resources (in this case the bridge). It will 
be noted that a stochastic model is useless in this case; knowing that the 
probabilities of there being very heavy traffic when a barge crosses the 
section of the canal between Bridges A and B, and that a barge is long 
enough to cause trouble, are each 0.07, with a consequent 0.995 probability 
(assuming independence of the two events) of successful operation, is of 
little comfort. Deadlocks, when they are catastrophic in their conse- 
quences, must be prevented. 

The second example concerns a maintenance hangar for aeroplanes. 
The planes that come in for servicing represent tasks for the workshop. 
Planes coming in for servicing are put onto stands for service. It is not 
known, when a plane comes in, how much work needs to be done on it and, 
therefore, how long it will take to overhaul the plane. When a plane is 
taken in, the bottom of the plane is opened up on the stand and various 
kinds of jigs are inserted for the overhauling. If planes are taken in 
whenever a stand is empty, it is possible to reach a condition in which the 
jigs are all used up and yet each plane needs more jigs before its over- 
hauling is complete and jigs are released. (It is assumed that jigs can- 


not be pulled off incompletely serviced planes as they also perform the 
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structural function that parts that have been removed perform.) Once more 
deadlock is possible. The point being emphasized here is that the 
scheduling of work for the hangar is not analogous to that of scheduling 
work for an assembly shop. The servicing of planes is asynchronous, in 
the sense that the times for processing of planes are not the same. 

Thus the principal interest is not in picking a schedule that minimizes the 
average processing time but rather in letting the processing of jobs which 
are accepted proceed at their own pace, subject to the avoidance of dead- 
lock. In this respect, the systems considered in this thesis differ fun- 
damentally from the systems analyzed in the field of Project Scheduling 

as typified by [1]. Another fundamental difference is that resources 
(here, jigs) are not always returned between two overhauling operations, 
i.e., it is not true that at the end of an operation, all the resources 
required for its execution become available for general use. This reten- 
tion of resources is a sine qua non for the occurrence of deadlocks and 
its absence in Job Shop Systems is probably why, to the best of the 
author's knowledge, it has not been studied in the field of Job Shop 
Scheduling. Job Shop Scheduling will be taken up later, in greater de- 
tail, at the end of Chapter 3. 

The third example relates to computer systems with a one-level mem- 
ory and multiprocessing. Here core memory is shared and processes can be- 
come deadlocked for lack of free core. Processes cannot be deprived of 
memory already allocated, as this implies nullification of any partial 


computation already performed. The penalty for de-allocation is thus 
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the expenditure of time and computational effort to recompute, and this 
can be substantial, This example brings out the large cost that undoing 
the consequences of deadlock can imply, if at all this is possible. That 
deadlocks could be resolved in this example is not unusual. Deadlocks 
can almost always be resolved by preemption. Even in the first example 
the deadlock can be broken at the cost of the destruction of the cars on 
Bridge B. The resolution of deadlocks is no solution at all precisely be- 
cause the price paid is too high to ignore the possibility of the preven- 
tion of deadlocks. 

The problem of prevention of deadlocks has been approached recently 
with a view to seeking elegant solutions. Some of the earlier work is 


described below. 


§1.2 Past Work 


The best known past work in this field is that of Habermann [2,3] 
who extended the somewhat more specialized analysis that was given by 
Dijkstra in [4]. Habermann's analysis is summarized in the next paragraph 
and the one following it. However, both assume the availability of some 
information about the amounts of resource that will be needed by the dif- 
ferent tasks in the system. Havender, in [5], treats a somewhat more 
specialized case of resource usage. The work of Habermann is the most 
elaborate of the three and also provides the basis and some of the termin- 


ology of this thesis. 
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Habermann considers sequential processes, i.e. tasks, (say m of 
them) sharing several (say n) types of resource, All the units of re- 
source of any one type are equally useful. Each process is required to 
state the maximum amount of resource of each type that it will need — my 
for process i and resource-type j. The processes are free to acquire and 
release resources as they please, subject to these maxima. The analysis 
assumes that the various maximum amounts, ms 49 for a process may be needed 
simultaneously, and thus there is a maximum demand vector for each process, 
m for process i, whose n components are the maximum demands for each of 
the resource types. Allocation of resources is done on the basis of ac- 
tual requests for additional resource from processes and so as to prevent 
the occurrence of deadlock. At any instant, each process has beenallotteda 
certain quantity of each kind of resource so that there is a vector of al- 
locations to the process. Allocation vectors are represented by a. 

(for the his process). The combined status of the processes at any time 

is thus represented by the allocation state, (aj; Ags see as whose com- 
ponents are the m vectors of allocation for the m processes. An allo- 
cation state is said to be safe if there is some sequence in which the 
needs of each process can be met, one at a time, so that all the processes 
can terminate. Each process is assumed to terminate within a finite amount 
of time once its needs have been satisfied fully. Habermann has shown that 
the definition of safeness can be restated as a test for the safeness of 
an allocation state, viz that there should exist a sequence, ij> io» hace in 


of the m processes so that the allocation vectors and the unused resources 


vector, R, satisfy the set of inequalities: 
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Habermann has shown that deadlock can be avoided if the allocation state 
is safe but not otherwise. It can be seen easily that the inequalities 
above can be rearranged in a canonical order so that the left hand sides 
are non-decreasing. Thus the unused resources, R, at any time need only 
be as large as the smallest of the unsatisfied resource needs of the 
users at that time! (Clearly then the amount of unused resources need 
never exceed the smallest of the maximum demands, m, +) 

In contrast to the good utilization of resources that is found 
above, when no information about resource usage is available at all, the 
processes can only be run sequentially. The greater information available 
in the former case is what permits more efficient utilization of resources. 
This is what suggests that systems capable of handling more detailed in- 
formation about resource usage should be of interest, as even better util- 
ization of resources may be possible. This thesis is an attempt to study 
how this more detailed information can be used to advantage. 

Shoshani has worked on an extension of Habermann's analysis using 
an algebraic model [6]. His results are similar to, though somewhat less 
general than, some of the results obtained independently by the author 


and reported here. In [7] he discusses the problem of recovery from 
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deadlocks with minimum cost and presents an elegant solution. 


§1.3 The Problem 


The systems dealt with in this thesis consist of a number of 
processes, i.e., unified sequences of activities. The processes are asyn- 
chronous, i.e., temporal relationships between the activities of two 
processes based on a single time axis are meaningless. The processes 
share several kinds of resource from a pool. The various combinations 
of resources needed during the activity of each process are assumed to be 

+ 
known . The processes do not have to be sequential in activity or indepen- 
dent of each other’. The problem treated of is that of allocating re- 
sources in such a system in a manner that prevents the occurrence of dead- 
lock and optimizes utilization of the resources. The choice of an appro- 
priate model is important for the analysis of deadlock and a graphical one 
has been chosen for this purpose. 

As before, an example is presented here which, it is hoped, will 
prove useful in gaining the proper perspective. The example will be re- 
ferred to as "the construction analogue" later on, as it deals with the 
building construction industry and as the principal context for the treat- 
ment of deadlock prevention will be that of computer systems. 

The construction analogue concerns a construction equipment rental 


company. Several contractors rent equipment from this company, the only 


+ These are the two areas in which Habermann's analysis is extended here. 
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one in the neighborhood, to build buildings which they sell when completed. 
From the point of view of the company, each contractor is a process which 
it serves. Each contractor knows the phases that his work will go through, 
such as foundation building, wall erection, and so on, and the amounts of 
each kind of equipment that he needs in each phase. He knows that when he 
needs bulldozers he does not need scaffolding, and so on, so that the max- 
imum needs for each kind of resource (equipment) do not, in general, oc- 
cur simultaneously. He does not know exactly how long each phase will 
last, because of uncertainties of weather, material supply and availability 
of labor. Moreover, these uncertainties are different for different con- 
tractors and so the different processes in the system are asynchronous. 
Each contractor gives the company a description of resource needs in 
phases and expects, in turn, to be rented equipment on a first-come-first- 
served basis but without ever being deadlocked in conjunction with other 
contractors. He will return equipment when he does not need it, but not 
under any other circumstances; for he works in competition with other con- 
tractors. Several contractors may undertake joint projects, so that their 
activities are not necessarily independent. Moreover, a single contractor 
may undertake several projects which can proceed independently of each 
other or interact at arbitrary points in their activity. Also, a phase 
in a contractor's activity, or a set of phases for that matter, may be 
capable of execution with more than one alternative combinations of equip- 
ment. Contractors are free to undertake new projects upon completion of 


others and new contractors can enter the system. The problem that the 
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company faces is that of maximizing its income from the rental of the 
equipment, while satisfying all its clients. 

In terms of computer systems, computations correspond to the con- 
tractors. New computations enter the system when they are created by the 
principals (users) of the system. The computations need not be sequential. 
The resources shared are active memory, arithmetic units, input output 
devices, etc. There is considerable latitude in the detail to which the 
analysis may be extended -- thus specialized functional units inside the 
arithmetic unit, for instance, can also be considered resources if it is 
so desired, The active memory is considered to consist of one level and 
space in it is allocated to processes dynamically. As the memory has only 
one level, it is not possible to free space in active memory by pre- 
emption without destroying information. When the memory does consist of 
several levels, deadlock cannot occur on account of memory. For free 
space can be created by moving information to a lower level; however, the 
large time delays in such movement of information that are encountered in 
practice emphasize the need for prevention of deadlocks, as does the pos- 
sibility of thrashing. The inability to preempt resources is more evident 
in the case of input output devices such as tape-drives, plotters and 
graphic output devices. 

It is not proposed that a user or programmer supply the information 
about resource needs; rather, it is assumed that a pre-processor of some 
sort, perhaps a compiler, provides the information. It is not a fanciful 
idea to expect that such information can be extracted from programs. It 


is already known how to get upper bounds on core usage of non-recursive 
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programs, if only conservative estimates. It is not necessary to extract 
further detailed information from a program although, if such information 
can be obtained, it can be used. It is merely required of the principal 
that he state which procedures are used, and in what sequence, in the defi- 
nition of the computation. Thus, rather than determining the largest of 
the memory requirements of the individual procedures making up the com- 
putation and stating just that, the entire information consisting of the 
sequence of procedure calls and the memory requirements of each procedure 
can be made available. 

An important restriction that is placed on programs to which the 
study undertaken in this thesis applies is that they not contain unre- 
stricted recursion; for it is impossible to guarantee that deadlocks will 


be prevented if the demands of a process can increase beyond bound. 


81.4 Plan of the Thesis 


Chapter 2 introduces the demand graph as the model to be used to 
represent the systems of interest. Specialized demand graphs of systems 
with sequential processes and a single. type of resource are analyzed here. 
A non-enumerative algorithm is presented for determination of safeness;, 

a concept related to deadlock avoidance, in this chapter. 

Chapter 3 extends the analysis of Chapter 2 to systems with more 

than one type of resource. The concepts of limited-backtracking and 


linearity are introduced and it is shown that linear algorithms for 
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determination of safeness do not exist. The algorithm of Chapter 2 is 
also extended. 

Chapter 4 introduces interactions between processes into the pic- 
ture. The analysis of Chapter 3 is extended to this case. 

An initial attempt at the handling of decisions, loops and alter- 
native ways of satisfying the resource requirements of a process is made 
in Chapter 5. 

Chapter 6 presents some concluding thoughts, and the appendix 
describes some properties of demand graphs deduced by the use of the 


theory of linear inequalities. 


Svstemn With 
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82.1 Problems of the Use of Continuous Time 


It was pointed out in Chapter 1 that the systems of processes 
being investigated in this thesis are those in which information about 
the usage of resources during the activity of each process is available. 
A natural way to think about such information is as graphs of resource 
usage with time. Figure 2.1 illustrates such graphs for two processes 
which share one kind of resource. Unfortunately, such graphs use time 
axes which are meaningful only for the respective processes; for the 
processes are asynchronous and so no temporal relationships between the 
activities of two processes that are based on a single time axis can be 
defined. The graphs are thus incomparable. However, from the point of 
view of resource allocation, only the epochs corresponding to changes in 
resource usage are of interest ~~ the length of time, on any axis, be- 
tween such epochs is irrelevant. Thus, only these epochs need to be rep- 
resented in an abstract model for the study of deadlocks and resource al- 
location. The next section describes such a representation, viz the 
demand graph. The concept of a demand graph was inspired by Holt's work 
[8] on the representation of events and by the realization that 
it is the class of events, which correspond to changes in resource usage, 


that is of interest in the study of deadlocks. 
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Figure 2.1 
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§2.2 Demand Graphs 


A demand graph is a finite directed graph with arcs and nodes; 
the nodes are called transitions. Associated with each arc is a quantity 
called a demand, chosen from a set A. A quantity called the capacity, 
which is represented by C and also chosen from the set A, is associated 
with the demand graph. The set A is ordered (partially or cetally 5 
and the demands associated with the arcs of a demand graph are always 
less than or equal to the capacity associated with the demand graph. 
Demand graphs are generally dis-connected. In any case, every compo- 
nent of a demand graph must contain at least one node that has in- 
degree zero and one node that has out-degree zero. 

The study of demand graphs in this thesis will proceed from a re- 
stricted class of demand graphs, called Rectilinear Scalar Demand Graphs 


and studied in this chapter, to progressively less restricted classes. 


2.3 Rectilinear Scalar Demand Graphs 


Rectilinear Scalar Demand Graphs, or Scalar Demand Graphs for brev- 
ity, are acyclic demand graphs that have the property that the components 


are unilateral, i.e. for every pair of transitions at least one transition 


is reachable from the other by a path. The components thus look like 


Tee e2.7 
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chains and for this reason they are formally termed chains. The sec- 
pion of a chain between any two transitions will be called a segment of 
the chain; clearly, an arc of a chain is a segment of that chain. The 
demands associated with the arcs of simple demand graphs belong to the 
set of non-negative integers, and so does the capacity, C, associated with 
the system. The demands associated with the first and last arcs of each 
chain are 0. These arcs are called initial and terminal arcs of the 
chains, respectively. 

The Scalar Demand Graph is a model for a class of systems of pro- 
cesses in which resources are shared. The chains of a Scalar Demand Graph 
correspond to processes in the system represented by the graph. The 
transitions correspond to the epochs at which a change in resource usage 
occurs and the arcs to phases of activity of the processes, i.e. periods 
of steady resource usage. The processes can be said to be sequential as 
each phase can be followed by exactly one other phase. Moreover, as the 
sub~graphs consisting of chains are disjoint from each other, the pro- 
cesses they model can be said to be independent. The only interaction 
between processes is that due to sharing of resources. Later chapters 
will contain discussions that relate to broader classes of systems in 
which the processes are not so constrained. The demands associated with 
the arcs of the graph represent the demands for resources associated with 
the corresponding phases (of activity) of the processes. As the demands 
are integers, the processes modelled share a single type of resource from 
a common pool. The capacity, C, associated with a demand graph repre- 


sents the sige of this pool or the number of servers in this pool. The 
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different servers are identical in their capability to serve and thus the 
resource can be said to be homogenous — in fact, a resource of any one 
type will always be considered to be homogeneous. The requirement that 
adjacent arcs have distinct demands is consistent with the fact that the 
transitions represent changes in resource usage. Needless to say, the re- 
sources are shared in an unpreemptable manner so that deadlocks can occur. 
The zero demands associated with the initial and final arcs of each chain 
represent the fact that processes which are uninitiated or terminated re- 
quire no resource. 

Some of the notation to be used in the discussion which follows is 


described next. 


82.4 Notation 


A demand graph is denoted by D with appropriate superscripts when 
two or more graphs have to be distinguished. The chains of a demand graph 
will be denoted by X} (chi-i) where the suffix is an integer and serves 
to identify the chain being denoted. In general, there will be m chains 
so that i assumes values from the set of integers {1, 2,3, ...m}, which 
will be denoted by [1, m]. The arcs of the demand graph are denoted by 


their labels, Oss where the superscript i identifies the chain and the 
subscript j the position of the arc on this chain. The arcs on a chain 
are numbered in increasing order in the direction of the arrows. The 


quantity n represents the number of arcs on the chain Xy° Thus j 
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takes values in the set [1, n,] for arcs on Xqe Individual arcs are some- 
times denoted by qa and 8. The demand associated with an are a; will 
be represented by a(as). The arrows on the chains will be assumed to be 
directed downwards, so that "down a chain'' means in the direction of the 
arrows. 

Figure 2.2 shows a typical demand graph from the class of Scalar 


Demand Graphs and illustrates some of the notation. 


$2.5 Slices of a Demand Graph 


A slice of a demand graph is a set of arcs, one from each chain; 
the slice is said to intersect the chains in the respective arcs. A slice 
is thus conceptually similar to a cut-set of the demand graph — it par- 
titions the transitions of a demand graph into those that lie above it and 
those that lie below it. The transitions that lie above the slice make 
up the predecessor set of the slice and those that lie below, the suc- 
cessor set of the slice. Theinitial slice of a demand graph consists of 
the set of initial arcs and the terminal slice consists of the set of ter- 
minal ares of the graph. 

Slices of a demand graph are represented by lower case Greek 
letters other than @ and B — usually y. The initial slice of a demand 
graph is denoted by Yr and the terminal slice by Yr The arc from a 
chain x, that goes into a slice y is represented by yu Kae It is 


frequently necessary to refer to a slice obtained from another one by a 


-25- 


Xo 
2 
on 0 
2 2 
a, d(a,) 


Figure 2.2 
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substitution of arcs. For this purpose a substitution operation on 
slices is used. The operation is represented as (x/y), and read "sub- 
stitute arc x for arc y"; arcs x and y must belong to the same chain. 
Thus (x/y)y represents the slice obtained by replacing arc y by arc x 
in y. The operation can be repeated so that expressions of the 
form (#'/a)(B'/B)y, which means "replace g and B by a' and g', respec- 
tively, in y"', are possible. The notation (as/¥ Hx, )Y represents the 
slice obtained when the arc y AX, from the slice y is replaced by the 
arc a Slices are also represented by a string made up of the labels 
of the arcs from Xyo Xq2 ee Xy (in order) that make up the slice, Thus 
ayes wie ay is another notation for Vz and (og, (a) 2) wee € 
(y/o) is an On sii a or Yn. Figure 2.3 shows several 
slices; Yy is ates, Yo is a5 and so on. As has been done in 
Figure 2.3, the arrows on the arcs of demand graphs will be omitted in 
the figures that follow, unless clarity demands that they be shown. 

The slices of a demand graph represent all the states of the sys- 
tem of processes; the arcs composing a slice indicate which phase each 
process is in. The state of the system is also known as the allocation 
State of the system since the phases are characterised by steady re- 
source usage. It should be noted that the allocation state is not de- 
termined by the set of m demands (and also allocations) of the m processes 
but rather by the set of m phases — the same set of demands may be en- 
countered for several combinations of phases. The allocation state of the 


system before any process is initiated is represented by the slice Yq: 


ad] = 


Figure 2.3 
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As the processes are initiated and progress, the slice representing the 
current state, i.e. the current slice, moves to lower and lower posi- 
tions in the demand graph until the state where all the processes have 


terminated is reached. The last state is represented by the slice Yr 


$2.6 Relations on the Set of Slices of a Demand Graph 


Two relations, viz "earlier than or the same as" and "later than 
or the same as", can be defined on the set of slices of a demand graph. 
The relations have the same meaning as their names suggest intuitively. 


A slice Yy is said to be earlier than or the same as a slice 2) if 


the predecessor set of Yo includes the predecessor set of 1" Pred- 
ecessor sets are represented by P(y) and successor sets by S(y). 

The relation "earlier than or the same as" is written "<". Thus 

Yj < Yo Lf PCy) 2 P(y,)- Similarly Yo is later than or the same 
as Yy >» written Yo = Yy> if S(y,) =) S(Yo)> i.e., if the successor set 
of Yy includes that of Yo: A slice Yo is said to be an immediate 
successor of a slice Yy if 4 < Y5 and if the predecessor set of 

Yo is larger than that of Yy by exactly one transition. In general, 
a slice has m immediate successors. The immediate successor of a slice 
y is denoted by S, (Cy), where i identifies the chain on which the suc- 
cessor differs from y in the arc used. In Figure 2.3, Vy is the 
same as So (Yo) while Y3 is S,(y,)- The strict relations corres- 
ponding to "<" and ">" are represented by "<" and ">", 


respectively, and are mutually complementary. 
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The relations "<", ">", "<" and ">" are also used for arcs 
with the same meanings, i.e., dy < Mos for instance, means that arc ay lies 
above arc @, on some chain. In this connection, the arcs of a chain 
may be regarded as degenerate slices, i.e., slices of demand graphs that 


consist of single chains. 


§2.7 Partial Orderings and Lattices 


A partial ordering is a reflexive’ antisymmetric and transitive 
relation. For example, the ordinary "less than or equal to" relation for 
integers is a partial ordering. A set with a partial ordering defined on 
it is a partially ordered set. As explained above, the set of integers 
is an example of a partially ordered set. A set is said to be totally 
ordered if every pair of elements is related by the partial ordering re- 
lation. The setof integers, for instance, is totally ordered. The set 
of pairs of integers is only partially ordered — for neither (2,3) < (3,2) 
nor (3,2) < (2,3) is true when "<" is interpreted as requiring that "<"! 
hold for each pair of corresponding components. 

The least upper bound or l.u.b. of a subset, “, of a partially or- 
dered set, 9, is the smallest element of { that is greater than or 
equal to every element of Ww. Thus the least upper bound of {3,5,7} is 


7 while that of {(3,2), (4,1), (2,5)} is (4,5). The greatest lower bound 


ere unfamiliar with these terms may wish to consult Birkhoff and 
MacLane's book [9] or a similar work. 
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or g.l.b. of a subset, %, of a partially ordered set, 9, is the largest 
element of 9 that is less than or equal to every element of w, 

A lattice is a non-empty partially ordered set, every pair of 
elements of which has a l.u.b. and a g.l.b. A lattice is said to be a 
complete lattice if every finite subset of the lattice has a l.u.b. and 
ag.l.b. It can be shown that every finite lattice, i.e. a lattice with 
a finite number of elements, is complete. Every finite lattice, there- 
fore, has a least element and a greatest element which are respectively 
the g.l.b. and l.u.b. of the lattice. The set of pairs of integers from 
1 to 10 is a lattice whose least element is (1,1) and greatest element is 
(10, 10). A lattice is a distributive lattice if the operations of ex- 
tracting g.l.b.'s and l.u.b.'s distribute over each other. The lattice 
in the previous example is distributive. 

An element a of a lattice is said to cover another element b 
of the lattice if b <a but there is no other element x such that 
bs x sa. A connected chain in a lattice is a set of elements 
x 


12 Xo 00+ X, such that each x, covers the length of such a 


tS 8 
i-1’ 


connected chain is n-1. Two elements x and x' are said to lie on 


a directed path from x to x if there exists a connected chain whose 
first element is x and last element is x'. The length of such a di- 
rected path is the length of the connected chain. The Jordan-Holder- 
Dedekind Theorem for lattices implies that the lengths of all directed 


paths between a pair of elements of a distributive lattice are equal. 


For the example in the previous paragraph, the length of any directed 
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path from (2,3) to (5,5) is 5 since 4 elements are required to connect 
them, e.g. (3,3), (4,3), (5,3), (5,4). Because of this property of dis- 
tributive lattices, the elements of a distributive lattice can be ar- 
ranged into ranks — elements at the same distance from the least ele- 


ment of the lattice lie on the same rank. 


82.8 The Lattice of Slices of a Demand Graph 


The slices of a demand graph of the kind illustrated in Figure 2.2 
form a distributive lattice under the relation '"<". The greatest ele- 
ment of the lattice is Yr while the least element is Yr" Figure 2.4 
shows the lattice of slices of the demand graph of Figure 2.3. The 
height of the lattice, i.e. the length of a directed path from Yy to 
Yr is (n) -2) + (n, -2) +... + (7 2) or the total number of trans- 
itions in the graph. 

The l.u.b. of the two slices Yy and Yo in Figure 2.3 is Y3 


while their g.1.b. is Yo° This can also be seen in Figure 2.4 where 


vy is ajo% and Yo is aay, while Y3 and Yg are a0, and 
12 : ; 1 2 m 
OQ; respectively. In general, the l.u.b. of two slices ra Tae ie 
1 2 ms. ; Pid m n 
and 955789 box a is the slice ets ils Of where t; = l.u.b. 


(r;, 8;), and similarly for the g.1.b. of two slices. 


a3hen 
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$2.9 Feasibility and Safeness of Slices 


A move on a chain Xy in a demand graph is a function whose do- 
main is the set of all slices which intersect X4 in a given are and 
whose range is the set of immediate successors of these slices on Xq° 
A move is thus defined by a pair of typical elements from its domain 
and range. If a slice, y, is in the domain of a move, yu, then the 
corresponding element, y', in the range of wu is the slice resulting 
from the application of the move to the slice y and is represented by 
yu. If a move up, leads from vy to Yo then uw is also represented 
by Yy 4 Yo° Two moves, My and Hos are said to be connected if they can 
be represented in the form v1 + Yo and Yo 4 Y3> respectively. A macro- 
move is a sequence of moves, every pair of which is connected. The se- 
quence of slices Y1¥o¥3 -++ Ye is a connected sequence of slices if the 
sequence of moves y,°? Yoo Yo > V3 0e°> Yeey 4 Yq is a macro-move. A 
macro-move from the initial slice, Yy> of a demand graph to its terminal 
slice, Yp is called a run. A uni-chain macro-move is a macro-move all 
of whose components are moves on the same chain. 

A slice is said to be feasible if the sum of the demands asso- 
ciated with the arcs in it is no greater than C, the capacity associated 
with the demand graph. A slice that is not feasible is infeasible. A 
feasible slice of a demand graph is safe if there exists a macro-move 
from it to the terminal slice of the graph and if the slice resulting 


from the application of each move in the macro-move is feasible, i.e., 
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if there exists a connected sequence of feasible slices from the slice 
in question to the terminal slice of the graph. A slice that is not 
safe is said to be unsafe. Figure 2.5 shows a safe shice’ and the moves 
that lead from it to Yr In terms of the lattice of slices, a slice y 
is safe if there exists a directed path from y to Y,, the terminal 
slice of the graph, that uses only feasible slices. 

In terms of the system of processes represented by a demand graph, 
a feasible slice represents a meaningful allocation state. A feasible 
slice that lies on a directed path from Vy which uses only feasible 
slices represents an attainable allocation state. That a slice is safe 
means that there exists a schedule for the processes that leads, from the 
state of the system represented by the slice, to the state in which all 
the processes have terminated; for each feasible slice resulting from the 
application of a move to a feasible slice that represents an attainable 
state, itself represents an attainable state. A slice all of whose 
immediate successors are infeasible represents a state of deadlock. 
The slice representing the current state is referred to as the current 
slice. That the current state is not safe, or is unsafe, implies that 
every sequence of macro-moves when applied to the current slice eventu- 
ally leads to a slice all of whose immediate successors are infeasible; 
there is no schedule for the processes that permits all the processes to 


complete — deadlock is unavoidable. Because of this association of 


Tre should be noted that if Habermann's analysis were used in this ex- 
ample, the slice marked safe would be declared unsafe. The larger num- 
ber of slices that can be safe is indicative of the ability to improve 
resource utilization that the systems discussed here possess. 
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$2.10 Representation of Habermann's Systems 


It will be recalled from the discussion of Chapter 1 that 
Habermann studied deadlock avoidance in systems of independent sequential 
processes in which the only available a priori information about resource 
usage by processes is that of the maximum amount of each kind of re- 
source that a process uses. Such systems will be known as Habermann 
systems. As the discussion in this chapter (and Habermann's analysis in 
[2]) concerns systems with a single type of shared resource, the maximum 
amount for that resource can be assumed to be available in such a system. 

The demand graphs of Figure 2.6a and b represent such systems. In 
Figure 2.6 max, represents the maximum amount of resource that process i 
ever uses. There are max, arcs, in addition to the initial and terminal 
arcs, on chain Xq in Figure 2.6b. Figure 2.6b permits representation 
of allocation states in which a process has been allocated some resource 
but not the maximum amount it ever needs — this is not possible in Fig- 
ure 2.6a. 

In either of the demand graphs of Figure 2.6, it is clear that a 
slice is safe if and only if a sequence of uni-chain macro-moves, each 
of which consists in crossing all the remaining transitions on the chain, 
can lead from the slice to Yr by way of feasible slices alone. This 
is because the demands increase monotonically up to the penultimate arc 


on each chain. When interpreted this means that a state is 
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represented by a safe slice if and only if the processes can be scheduled 
so as to run to completion one at a time (no interleaving of processes). 
This is exactly Habermann's Theorem 1 in section 2.3 of his thesis [2]. 

As they stand, neither of the demand graphs of Figure 2.6 really 
model Habermann systems in all their detail when Habermann's model is 
interpreted broadly. Firstly, they suggest that allocation to processes 
is made either all at once (Figure 2.6a) or one server at a time (Figure 
2.6b) and this need not be assumed in Habermann systems. However, as 
phases of processes may last for vanishingly small lengths of time, the 
representation of Figure 2.6b does not represent a serious distortion. 
Secondly, after a process has been allocated the maximum amount of re- 
source it ever uses, both the graphs suggest a sudden return en bloc. 
This behavior is not necessarily shown in Habermann systems either. How- 
ever, the next section shows that partial return of resources by pro- 
cesses at unknown stages can be represented in the demand graphs for such 
systems. Thus Habermann's systems are indeed special cases of the sys- 


tems that can be represented by rectilinear demand graphs. 


$2.11 Dynamically Available Resource Usage Information 


Consider the demand graph of Figure 2.6b. Suppose a slice such 
as y were safe. This implies the existence of a sequence of uni-chain 
macro-moves that lead from y _ to Yr by way of feasible slices and each 


of which involves crossing all the remaining transitions on a chain. 


-40- 
Consider a segment of a chain that lies entirely below y and that does 
not include the terminal arc. If this segment is replaced by another 
segment, that is of any length whatsoever and the demand on whose arcs 
does not exceed the largest demand of any arc in the segment removed, 
then it is clear that the same sequence of macro-moves can still be used. 
The slice y is thus safe in spite of this substitution. Figure 2.7 il- 
lustrates this for a specific example. For general scalar demand graphs 
of the kind illustrated in Figure 2.2, if the replacement is restricted 
to segments consisting of single arcs, then a similar assertion can be 
made. 

One can interpret the discussion of the previous paragraph as im- 
plying that any information about future resource usage that becomes 
available dynamically can be accommodated without deleterious effect if 
the new information does not contradict an earlier and more conservative 
estimate. In general, the addition of such information makes safe some 
states that were unsafe before and thus improves the potential for ef- 
ficient utilization of resources (see Figure 2.7b). 

It should be clear, now, that it is possible to use demand graphs 
to represent systems that exhibit the kind of behavior that Habermann 
systems can display, i.e., systems that return resources partially. 

The discussion of this section shows that demand graphs can be 
used to represent systems in which additional information about re- 


source usage becomes available during the running of processes. 
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$2.12 Safeness Tests 


It was indicated in section 2.8 that the avoidance of deadlock re- 
quires ensuring that the allocation state is always represented by a safe 
slice. It is important, therefore, to be able to test a slice for safe- 
ness, 

One could examine all the slices of a demand graph for feasibility 
and eliminate those slices that are infeasible from the lattice of slices. 
Then a slice is safe if a directed path from it to Yr still exists. 

By examining every slice for safeness in this manner one could mark all 
slices that are safe. An allocator desirous of investigating the safe- 


ness of a slice, then, need merely determine if it is marked safe. 


m 

Unfortunately, there are II n, slices in the lattice while in any run 
m i=1 

only 1+ 2 (n, - 1) slices are encountered. Much of the effort in such a 


i=1 
scheme is thus wasted. Moreover, if a new chain is added to the graph 


(corresponding to addition of a process to the system), a similar compu- 
tation has to be re-done! For these reasons, the safeness tests that are 
of interest to a resource allocator are incremental tests, i.e., those 
that test a single slice at a time for safeness — presumably the slice 
that represents the next state that may become current. Such tests will, 
in general, attempt to construct a sequence of moves from a test slice 
to Yr while ensuring that each move results in a feasible slice. 

The next section describes a safeness test in the form of an al- 


gorithm for the construction of a sequence of the kind described. An 
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important virtue of this algorithm is that it is non-enumerative, i.e., 
it does not require the examination of all possible sequences of moves 


from the slice being tested. 


$2.13 The Safeness Algorithm 


The slice being tested is assumed to be o. The slice y isa 
variable of the algorithm, as is the set {X} which consists of chains 
of the demand graph. 

Step 0: Set y equal to o and {x} equal to {X42Xos oe Xa 
Go to step 1 if y is feasible. If y is infeasible go to 
step 5. 

Step 1: Pick a chain from {x} — call it Xq° Go to step 2. 

Step 2: Attempt to construct a uni-chain macro-move down Xy from y 
so that the slice resulting from each component move is fea- 
sible. Terminate the macro-move at the first point where a 


slice — call it y' — results that satisfies both 
t 
d(y' 1x,) s d(yuUx,) 
and d(S,(y') Hx,) # d(y' 1x,) 
If such a sequence can be constructed go to step 4; if not 


(i.e., if some move results in an infeasible slice) go to 


step 3. 


eile 


Step 3: Delete X4 from {X}. If {X} is now empty, go to step 5; 
if not go to step 1. 

Step 4: If y' is not Yr» then replace y by y', set {xX} equal to 
(X4 2Xyo eX) and go to step 1. If y' is Yr then stop 


and report success (o is safe). 


Step 5: Stop and report failure (o is unsafe). 


It is clear that when the Safeness Algorithm (called SA for 
brevity) terminates successfully, o is safe. Theorem 2.1 below shows 
that when SA terminates unsuccessfully, o must be unsafe. An interpre- 
tation of the algorithm shows that it seeks the first local minimum of 
demand that can be found next. When such a local minimum is found, the 
search is iterated for the new slice and this continues until Yr is 
reached. Figure 2.8 shows a sequence of moves constructed by means of 
the Safeness Algorithm. 

The proof of Theorem 2.1 uses the concept of barriers. A barrier, 
B;,on a chain, Xq> with respect to a slice y is an are on Xy that is 
the first arc below y for which the predicate {(B,/y aX, )y is an in- 


feasible slice} is true. 


THEOREM 2.1 A feasible slice, o, of a demand graph, D, is 
safe if and only if the Safeness Algorithm terminates suc- 


cessfully when applied to o and D. 
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Pe fg 
An examination of SA shows that every uni-chain macro-move in 
Step 2 of SA leads to a slice y' which satisfies: 


d(y' =X) < d(a) for all arcs w that lie between y and 


y' (inelusive) on Xa 


Thus it is seen, by a chain otf deductions, that satisfies 


Yo 
d(Y9 =X) = d(s) for all arcs a that lie between o and 
(3 : 
Yo (inclusive) on X4 

for all chains X,- 


Therefore, in particular, 


dy, “yd a i ae, 


iy ] 
Therefore, (Yo oe ae TY: is feasible; for v3 is feasible. 
Case 2 ey Sp Sir, WEE As, ae eno eR Be, 
Rrdie taeo) Yo j Vg x, B, 


In this case (as explained at the beginning of the proof) too 


ity, X4) Z dy, Pa) 


and so (Yo : X51, ee is again a feasible slice by virtue of the 
feasibility of Ve: 


Thus in either case, one can replace all the arcs in a except 


By by the corresponding arcs of Yo and still get a feasible slice. 

; ‘el Pae a ea oh — F dig aoa e i = 
But the resulting slice is (Bi Yq = BL Yg and this is infeasible by as 
sumption! This contradiction implies that Yo and hence the sequence 
“cannot exist. Thus, 7 be unsafe. 


That ois sate if SA terminates successfully, follows from the 


detinitions of sateness ard successful termination. 
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Theorem 2.1 shows that any macro-move of the kind that leads from 
o toa slice y''’’'!' which is of the form described in Step 2 of SA 
can be applied fearlessly to o in the construction of a feasible se- 
quence of slices from o to Yo backtracking beyond y''**"' is never 


required. This leads to Corollary 2.1.1. 


COROLLARY 2.1.1 Let o bea safe slice of a demand graph 
D and let Oo; be an immediate successor of o resulting 

from a move down a chain Xq° Let Oo; be feasible and let 
WyHo eee My be a macro-move that leads from O; to a slice 
' 


o; by way of feasible slices. Then if 


(i) do; Hx,)<d@ Ux,) 


and (ii) d(o, 1x5) <do Hx 5) for 
all chains X; on which oF and o 
differ in the arcs chosen 


then oO, is a safe slice. 


The corollary follows since yo eee My is a macro-move of the 
kind described in the paragraph above Corollary 2.1.1. 

If the macro-move Myo ree Hy in Corollary 2.1.1 is a uni-chain 
macro-move down Xq then the test is simplified considerably. Thus it 
should be profitable to look for such a uni-chain macro-move. In any 


case, as long as oF < Yp» some labour is saved. 
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COROLLARY 2.1.2 Let o be a safe slice of a demand graph 
i s 
and let o; be S,(@). Then if do, Mx, ) d(o Hx,) 


then a; is safe. 


This corollary follows from Corollary 2.1.1 since the move o~+ oF 
is itself the macro-move that satisfies the conditions of that corollary. 

Theorem 2.1 and its corollaries point out that the Safeness Algo- 
rithm, shortened as suggested in Corollary 2.1.1 and 2.1.2 whenever pos- 
sible, provides a simple test for the use of an allocator of resources. 

It should be pointed out that a sequence of feasible slices from 
o to Vr which is constructed by the Safeness Algorithm does not repre- 
sent the actual schedule or order in which processes will be allowed to 
proceed (by the allocator). The actual order may be quite different, 
being determined by actual requests from the processes, to be permitted 
to proceed to their respective next phases of activity, together with 
considerations of safeness of the slices corresponding to the allocation 
states of the system which would result if the requests were granted. 
This is the incremental aspect of tests that was referred to earlier. It 
is this incremental approach that permits dynamic increase of the number 
of processes in the system as well as the dynamic changes, in the de- 
mand graphs of processes already in the system, that were described in 


section 2.11. 
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3.1 Rectilinear Vector Demand Graphs 


The discussion and analysis of Chapter 2 dealt with the represen- 
tation and analysis of systems in which a single type of resource is 
shared from a pool in an unpre-emptable manner. As the construction 
analogue of Chapter 1 illustrates, however, there are many systems in 
which more than one type of resource are so used, An extension of the 
analysis of deadlocks to systems with multiple resource types, or 
multi-resource systems, for brevity, is therefore of interest and is the 
goal of this chapter. 

Sections 3.11 and 3.12 illustrate how the sharing of locked data 
bases in computer systems and Job Shop Scheduling can be analysed using 
the representation and analysis developed in Sections 3.2 to 3.10. 

Multi-resource systems can be represented by Rectilinear Vector 
Demand Graphs, or Vector Demand Graphs for brevity, which are struc- 
turally identical to Rectilinear Scalar Demand Graphs except that A 
for such graphs is the set of n tuples of non-negative integers for some 
specified n. The arcs of Vector Demand Graphs, therefore, have n-tuples 
or vectors of demand instead of scalar demands associated with them- 
selves. The vectors of demand are represented by d(qw) to emphasize this 
difference. As before, convention dictates that the initial and terminal 
arcs of each chain have zero demand, i.e. (0, 0, ... 0), associated with 


them. Figure 3.la illustrates such a demand graph. 
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The terminology of Chapter 2 carries over mutatis mutandis — 
the qualification refers to the replacement of a scalar capacity, C, by 


a vector capacity, C, and of scalar inequality by vector inequality. 


3.2 A Transformation for Vector Demand Graphs 


A peculiar phenomenon appears in Vector Demand Graphs in 
connection with safeness. It will be noticed in Figure 3.la that the 
slice of D marked y is unsafe because both vy and Yo» the two slices 
which are immediate successor slices of y, are infeasible. However, y' 
is feasible. Moreover, in the system which is represented by D, the 
state represented by y' can be attained just after that represented by 
y; for it merely corresponds to responding (favourably and) simultane- 
ously to the requests from two users to be permitted to proceed to their 
respective next phases of activity. Thus the state corresponding to y 
should be safe. 

To be able to make y safe would require changing the definition 
of a move to permit crossing of several transitions in a move. 

However, representation of such simultaneous or multiple moves 
in the lattice of slices requires addition of a large number of paths to 


the lattice; for at each node of the lattice there would be, in general, 


r 
ie), a, l<r<m 
1 
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possible successors, viz the slices that can be reached by multiple moves 
that involve crossing up to r transitions simultaneously. Moreover, an 
algorithm such as the Safeness Algorithm has to examine these a” possible 
successor slices one by one until its test is satisfied. This increases 
immensely the amount of work involved in examining the safeness of a 
slice. 

Fortunately, a transformation of the demand graphs (as illustrated 
in Figures 3a and 3b) produces a demand graph in which every slice of the 
original demand graph that was safe, when multiple moves are permissible, 
is safe when only single moves are permissible. The transformation op- 
erates on pairs of adjacent arcs, typified by a, and Y say, on each 
chain. Whenever d(a,) 4 d(ay) and d (oy) g d(o,) (where "<" is under- 
stood in the usual vector sense of each component of the Left Hand vector 
being less than or equal to the corresponding component of the Right Hand 
vector), an arc oat is introduced between ay and oe) with a demand 
which is the greatest lower bound of the two vectors d(q) and d(a,). 
Thus a, < as <a, and d(a,) > day) < d(a,). It should be clear that 
these arcs which are inserted provide a sequence of single-transition 
moves between every pair of slices of the type y and y' in Figure 3.1, 
with only feasible slices resulting from the moves. 

As the transformation described above is vital to the accuracy of 
representation and analysis of multi-resource systems by demand graphs, 
it will be presumed that such a transformation is carried out before any 


algorithms or tests are applied to demand graphs. However, the trans- 


formation is not crucial to the analysis that is presented. 
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The Modified Safeness Algorithm 


As in Chapter 2, an incremental algorithm for the determination 
of the safeness of a slice is desirable. It is tempting to try and use 
the Safeness Algorithm of Chapter 2 with a vector comparison in step 2, 
instead of a scalar one. That step would read: 

Step 2: Attempt to construct a uni-chain macro-move down 
X; $0 that the slice resulting from each component 


move is feasible. Terminate the macro-move at the 


first point where a slice y' is reached that 


Satisfies: 


d(y' Ox.) s d(Qyvaoyx.) where "<" is 
at iy SG ere ee) ER 
holding for all 
components simul- 
taneously. 
Lf the attempt is successful, go to step 4; if not 
(i.e., if some move results in an infeasible slice), 
go to step 3. 
Consider Figure 3.2a. Were one to apply the algorithm as modified 
above to slice y, one would get to y", by way of y', and discover that 
no moves from y" result in feasible slices. Unfortunately, the failure 
" 


of the algorithm at y does not imply (as it would in the case of the 


Safeness Algorithm for Scalar Demand Graphs) that y is unsafe. For 
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* tek RK 
the sequence of slices y- y - y - y . , in that figure, shows part of 
a full sequence of feasible slices from y to Yr 
* 
The slice y suggests that avoidance of erroneous moves requires 


changing the condition to be satisifed by y' in step 2 of the algorithm 


above to 


d(y' x.) s d(6 Hy,) for all slices §& that lie between 
= * y and y' (inclusive) 


and a(S, (y") Hx,) # d(y' 1 x,) 


Corollary 3.1.2 of Theorem 3.1 below proves the validity of this conclu- 
sion. The Safeness Algorithm of Chapter 2 with the condition in Step 2 
replaced according to this suggestion will be referred to as the Modified 
Safeness Algorithm. 

A few definitions are required for the precise statement of the re- 


sult of Theorem 3.1, and these follow. 


3.4 The Prefix Property 


The set of extensions, EY) of a demand graph, D, with respect 


to a slice, y, of D is the set of all demand graphs which are identical 
to D up to y, have the same capacity associated with themselves as D, and 
have at least one arc below y on each chain. The demands 

associated with the arcs below y are not constrained except by the def- 


inition of a Vector Demand Graph. A member of Ey Cy) is called an ex- 


tension of the demand graph, D, with respect to the slice y. Figure 3.2b 
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shows an extension of the demand graph of Figure 3.2a with respect to Y. 
Extensions of a demand graph with respect to a slice represent possible 
continuations of the demand graph beyond that slice. 

A feasible slice, y, of a demand graph, D, which can be reached 
by a connected sequence of feasible slices from an earlier slice, o, is 
said to possess the prefix property with respect to the slice, o, if in 
all extensions of D with respect to y in which co is safe, y is safe 
too. Let P be the prefix relation "possesses the prefix property with 


! 
. 


respect to Then P is clearly transitive, so that cPy and yPy' 
implies oPy'. This transitivity is very valuable and will be utilized 


extensively. 


$3.5 Necessary and Sufficient Conditions for the Prefix Property 


In terms of the prefix property, it will be seen that for Scalar 
Demand Graphs, the condition of Step 2 of the Safeness Algorithm (see 
Chapter 2) is sufficient for possession of the prefix property by a slice, 
i.e. by y' with respect to y. Lemmas 3.1 and 3.2 state necessary and 
sufficient conditions, respectively, for a slice of a Vector Demand Graph 
to possess the prefix property with respect to another slice. In these 
lemmas and in the rest of this thesis, the term "accessible" means "can 
be reached by a connected sequence of feasible slices". Also, 
"d (aslice)" is the concise notation for the sum of the demands on the 


arcs in the slice — the object in parentheses may be only a part (subset) 


of a slice and then the notation stands for the sum of the demands on the 
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arcs in that part of the slice. The term "a move fits a slice feasibly" 
in the proofs of these lemmas means that the slice, y, is feasible and 
in the domain of the move, u, and yu is a feasible slice. A macro- 
move fits a slice feasibly if each component move fits feasibly the slice 
resulting after the previous component moves have been applied. 
Note: The case in which a slice of a demand graph passes through only 
one arc that has a non-zero demand is a degenerate one. That is to say, 
every such slice possesses the prefix property with respect to any earlier 
slice from which it is accessible; for one process-at-a-time completion is 
possible, as the demand on each arc of the demand graph does not exceed 
the capacity of the graph. For this reason that case has been excluded 


from consideration in Lemmas 3.1 to 3.3 and in Theorem 3.1. 


LEMMA 3.1 Let D be a vector demand graph and let y bea 


feasible slice of D that contains at least two arcs having 

non-zero demands. Further, let o bea feasible slice of D 
* 

from which y is accessible. Let D_ be the extension of D 


with respect to y defined by Figure 3.3 and 85 be any slice 
* 
of D that is of the form Fy defined below. Then the 


slice y possesses the prefix property with respect to o 


only if whenever the slice 8) is accessible from o, the 


slice y is not accessible from bye 


of this form satisfies the 


1 


Form F, A slice, Sy. 


following conditions: 


The Extension D* 


Figure 3.3 


-61- 
(i) ox rT <y 
(ii) ce) 


1 and y share at least one are that has a 


non-zero demand. 


(iii) d(y) ¢ 4(6,) 


PROOF: Suppose that the condition is violated, i.e. a slice 
by of the form Fy is accessible from o and y is accessible from 
51. Let Xj be the chain on which the arc common to y and nT lies. 

Consider the extension D' of D with respect to y that is 
defined by Figure 3.4 (the chains have been rearranged for drafting con- 
venience). 

The slice y is not safe in D' as the values for the demands, 
d, have been chosen so that the only slice later than y from which 


“k 


Vr the terminal slice of D', is accessible is y' 


and y' is not 
accessible from y because d(y) ¢ d(6,). 
However , 645 is clearly accessible from by and has a smaller 


demand on each chain than Sy. i.e., 
' ° 
a(s; im x) < a, Ox, ) for all chains Xq° 


Thus, since y is accessible from by. y' must be accessible from 6i° 
Now it is clear from the figure that y' is safe in D'. Conse- 

quently, the sequence of macro-moves 6 » 6', 6'+ y' and y' 7 Vr is one 

which produces a connected sequence of feasible slices from 6 to Yr 


Thus 6 is safe in D' and, consequently, o is safe in D'. 


The Extension D' 


a4 7 
Figure 3.4 
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However, y is not safe in D'. Thus y cannot possess the 


prefix property with respect too. 


Q.E.D. 


An immediate consequence of Lemma 3.1 is Lemma 3.2 


LEMMA 3.2 Let D be a vector demand graph and let y bea 


feasible slice of D that contains a least two ares having 
non-zero demands. Further, let o be a feasible slice of D 
from which y is accessible. Let D” be the extension of 
D with respect to y defined by Figure 3.3 and 8, be any 


slice of D of the form Fos which is defined below. Then 


the slice y possesses the prefix property with respect to 


o only if each such ) is inaccessible from o. 


Form Fy A slice bo of this form satisifes the 


following conditions: 
(i) a8 6, <y¥ 


(ii) 6 and y share at least one are that has 


a non-zero demand. 
(iii) dy) ¢ d(6,) 


(iv) d(6, Hx,) s d(p HU x,) for all slices, 09, 
: + which lie between o 

and §) (inclusive) 
and for all chains, 


X° 
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PROOF: It need merely be shown that condition (iv) in Form Fy 


implies that y is accessible from & for then the result follows from 


2? 
Lemma 3.1. 

Since y is accessible from o, there exists a sequence, M, of 
moves from o to y, say it is HyHg s+ Mas Then OWyHy ++ Hg = y. 
Also, the slice resulting from the application of each move is feasible, 


i.e., each Hs fits the slice THyHo ee6 Mey feasibly. Let My be 


the first move in M that has the property that 
Le yy x $, 
but Oly Hy ++ Hy k 8, 


Ls. oy) is the first move to cross 55. Then, by virtue of condition 


(iv) in the definition of form Fos 


d(54) $ duu +++ Hy 4) 


Thus, ry) fits $, feasibly. 
Similarly, Mod fits SoH, feasibly, and so on up to Mp where 
Hy is the first move to cross by completely, 
i.e. Oly Hy +++ Hoy # by 
but OHyHo +e M, > PF 


At this point, OHy Uo ++ My = SoH heyy sc Ky and, consequently, 
th = ae i eee ° 
e macro-move u Mg fits Oy Uo My feasibly 


pl ° 
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Thus Hp see Ha is a macro-move that fits 6, feasibly and 
SoH, seu Hg = y. Thus y is accessible from 55. 


[Some moves, Ha? produce no apparent effect 


These moves are those that produce an immediate successor on a 
chain that still intersects the chain at or above So. These 
moves can be ignored.] 

Q.E.D. 


LEMMA 3.3 Let D be a vector demand graph and y bea 


feasible slice of D that contains at least two arcs that 

have non-zero demands. Further, let o bea feasible slice 

of D from which y is accessible. Let D* be the extension 
of D with respect to y defined by Figure 3.3 and 64 be 


* 
any slice of D_ that is of the form F,, which is defined below. 


3° 


Then y possesses the prefix property with respect to o if 


* 
whenever 84 is accessible from o, Yr the terminal slice of 


* 
D , is not accessible from $4. 


Form Fy A slice 835 of this form, satisfies the 


following conditions: 


(i) ox 6, 
(ii) Either $4 and y share at least one are 
that nas non-zero demand, or 6, includes 


3 


* 
at least one terminal arc of D. 


Moreover, 
OH Ho eee Hy - YH obo y cee Hy 


so that the macro-move fits YHotp ey seca Hp feasibly. 


on Hg 


Thus is a macro-move from y to Yr that has 


a has 
the property that each Ho fits Ye pho see My feasibly. Thus y is 
safe. 

Therefore, y possesses the prefix property with respect too. 


Q.E.D. 


An immediate consequence of Lemma 3.3 is Theorem 3.1. 


THEOREM 3.1 Let D be a vector demand graph and y bea 
feasible slice of D that includes at least two arcs that 
have non-zero demands. Further, let o be a feasible slice 
of D from which y is accessible. Then y possesses the 
prefix property with respect to o if 

icy nx,) < d(p 1 x,;) for all slices, p, that lie 


between o and y _ (inclusive) 
and for all chains, X4 


PROOF: From the condition of the theorem it follows that con- 


dition (iii) of Form F, cannot be met by any slice satisfying conditions 


3 


(i) and (ii) of that Form. The result, therefore, follows from Lemma 3.3. 
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The results proved above have little intuitive meaning and their 
principal use is in proving Theorem 3.3 later. The reader should sat~- 
isfy himself that the necessary and sufficient conditions in Lemmas 
3.1 and 3.3 are compatible. Figure 3.5 shows a slice, y, which pos- 
sesses the prefix property with respect to another slice, o, even though 
the conditions of Theorem 3.1 are violated — the conditions of Lemma 3.3 
are met, however. Theorem 3.1 provides the basis for the Basic Algo- 


rithm, which is presented later. 


Ky 
uo 


.6 Inadequacies of the Modified Safeness Algorithm 


Theorem 3.1, stated above, shows that the slices, y', produced in 
Step 2 of both the Safeness Algorithm of Chapter 2 and the Modified Safe- 
ness Algorithm possess the prefix property with respect to the slices y- 

The prefix property states that partial sequences of feasible 
slices possess extensions that lead to the terminal slice. Theorem 2.1 
showed that, in addition to producing slices with the prefix property, 
the Safeness Algorithm of Chapter 2 was always able to construct the ex- 
tension. Unfortunately, such is not the case for the Modified Safeness 
Algorithm, and Figure 3.6 illustrates this. In that figure, the Modified 


Safeness Algorithm fails at y even though there is an extension, viz 


¥, slesle 
Wis 


Y- Y. - Y - ie ree Ypo of the sequence o - y. The Modified Safe- 
ness Algorithm thus needs to be augmented by an algorithm that con- 
structs such an extension when the former is unable to — the Crutch 


Algorithm given below is such an algorithm. 


— ——@ . 


—— 


ea ee ee 
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The example of Figure 3.6 shows that the reason that an extension 
of the sequence o - y exists, even when the Modified Safeness Algo- 
rithm is unable to find one, is that the demand on the arc marked ay 
is sufficiently low in a crucial component, viz the first one, to enable 
a macro-move down X3 to its terminal arc to fit feasibly in spite of 
the fact that the demand on ort is not vectorially less than that on 


y Ox. An are such as a! is called a crutch for the obvious reason. 


' 
1 
An arc, @,, ona chain, Xeo of a demand graph, D, is said to be a crutch 


with respect to a slice, y, of D if the following relation is satisfied: 
d(a,) # div M1 x,) 


The example in Figure 3.6 also points out that the Modified Safe- 
ness Algorithm fails at a slice, y, of a demand graph when moves down 
each chain result (eventually) in an infeasible slice before the con- 
diton in Step 2 of that algorithm is satisfied. The arcs on the chains 
which correspond to these infeasible slices are thus barriers (see the 
arcs marked By> Bo and By in Figure 3.6 for instance). An arc, Bs» on 
a chain, Xqe is said to be a barrier with respect to a slice, y, which 
lies above it, if B. is the first arc on Xy after y aX, such that 
the slice (B,/Y Ax, is infeasible. When the Modified Safeness Al- 
gorithm fails at a slice, y, then a barrier with respect to y exists 
on each chain of the demand graph. 

The role of the augmentative Crutch Algorithm can now be ex- 


plained. When the Modified Safeness Algorithm fails while testing a 


~72~ 
slice o for safeness, there exist barriers, B, On X55 with respect to 
the last slice possessing the prefix property with respect to the 
slice o. If no crutches with respect to y lie between y and the 
B's, then extension of the sequence o ... y to Yr is not possible 
and co is unsafe. When such crutches can be found, such an extension 
of the sequence may exist (see Figure 3.6, for instance). The function 
of the augmentative algorithm is to examine the possibility of using the 
crutches to cross a barrier. The slice yt in Figure 3.6 shows that not 
all crutches are (equally) useful. Figure 3.7 shows that more than one 
crutch may need to be used — in fact as many as m - 1 crutches may 
need to be used — to cross a barrier. The Crutch Algorithm should, 
therefore, be capable of examining all possible combinations of crutches 
that may prove useful. 

Augmentation of the Modified Safeness Algorithm produces the 
Augmented Safeness Algorithm (ASA for brevity). This algorithm is 
rather complicated to follow and so it is preceded by a prologue which 
explains the interaction between the components of the ASA and shows a 


model for the working of the ASA in terms of a growing tree. 


3.7 Prologue to the Augmented Safeness Algorithm 


The Augmented Safeness Algorithm is really a shell algorithm, in 
that it calls the Basic Algorithm iteratively until BA fails or until 


it is found that the terminal slice, Vp is accessible from the test slice. 
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The Basic Algorithm (BA) uses the test in Theorem 3.1 to seek s 
slice that is accessible from the slice ™, which is one input parameter, 
and that possesses the prefix property with respect to “. Occasionally, 
BA encounters barriers on all the chains and then it resorts to the 
Crutch Algorithm (CA). CA merely advances the slice to ys a slice 
passing through a crutch, and calls BA. If BA again encounters barriers, 
it resorts to CA once more, and so on, so that calls to BA and CA can 
be nested. If BA does not encounter such barriers it seeks slices ac- 
cessible from yt and possessing the prefix property with respect to 
it. It tests these slices, y', to determine if y'P“ and if so, to 
declare success. If —y'P, it continues its search. Thus the success 
of BA always results in a slice, Vp? being returned that satisfies vee 
The slices y' are said to be conditionally acceptable since it may or 
may not be true that y'P¥, but it is true that y'Py'. If y'P, then the 
slice y'. is said to be acceptable; for instance, Yp is always an ac- 
ceptable slice. 

The activity of ASA and its components can be modelled by a 
growing tree whose nodes represent slices. Each slice represented by a 
node is accessible fromthe slice represented by a node preceding it in 
the tree. The shape of a node reflects the characteristics of the slice 
represented. Square nodes represent acceptable slices. If a square 
node representing the slice vy precedes a square node representing the 


slice Yoo then YoP ¥1- The test slice, o, is at the root of the tree and 


is represented by a square node. An asterisk-like node represents a 
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slice passing through a crutch relative to the slice represented by the 
node immediately preceding it. Triangular nodes represent condition- 
ally acceptable nodes. If a triangular or asterisk-like node repre- 
senting the slice ¥3 precedes a triangular node representing the slice 
42 then ¥,P Y3+ The plain nodes represent slices that are dead-ends. 

The activity of BA appears as in Figure 3.8a, while that of the 
full ASA appears as in Figure 3.8b. 

Readers may find Figure 3.8b of value in understanding the Aug- 
mented Safeness Algorithm. 

In the statement of the ASA, the word "invocation" is used to 
mean "activation" and relates to recursive performances of algorithms. 
The term hump in the statement of the Crutch Algorithm refers to an 


arc whose demand is no less than that of the next arc. 


$3.8 The Augmented Safeness Algorithm 


The slice whose safeness is being examined will be denoted by o. 
There is an internal variable, y, which is a slice. 


Step 0: Set yw equaltoo. If us Op» note that o is safe and stop; 
if not, go to Step l. 

Step 1: Perform the Basic Algorithm with y and ™ set equal to un 
and X set equal to %, the empty set. If the algorithm 


terminates unsuccessfully, go to Step 3; if not, set wu equal 


Figure 3.8b 
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to 1 the value returned, and go to Step 2. 
tb? stop and report success; if not, go to Step l. 


Step 3: Report failure and stop. 


Basic Algorithm 


This algorithm uses three input parameters, viz two slices, y and 
W, and a set of chains, X. It seeks a feasible slice v that is ac- 
cessible from “ and that satisfies ver Y, (Since, presumably “ Po, 
this implies that VF oo The set Xp is an internal variable 
Step 0: Set ta = (x4. Xoo see te Go to Step 1 if y is feasible; 


if not, terminate and report failure. 


|r 


Step Pick a chain from X,,, preferably one that is in X — call it 


Xe Attempt to construct a uni-chain macro-move down X4 that 
fits y feasibly and is as large as possible — however, 
terminate the macro-move at the first point where the slice, 


y', resulting from the macro-move satisfies 


d(y' ™ xX) s d(o9 Li xy,) for all slices op lying 
= between y and.  y' 
(inclusive) 


and d(S.(y') i x,) # d(v' & x,) 


(i.e. a local minimum is reached on Xs 
If the attempt is successful then go to Step 2. If the attempt 


is unsuccessful, go to Step 5. 
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Step 2: If X is empty, then go to Step 7. If X is not empty, then 
go to Step 3 if xX; is not in X and to Step 4 if Xy is 
in X. 

Step 3: Set y equal to y' and go to Step 0. 

Step 4: If 


d(y' Ox,;) s d(6 Oi X,) for all slices § lying be- 
tween W and y' (inclusive) 


then delete X4 from X and go to Step 2. Otherwise go to 
Step 3. 

Step 5: Delete X4 from Xpae If XA is now empty, go to Step 6; 
if not go to Step l. 

Step 6: Perform the Crutch Algorithm with w, X and y as values for 


ee and ve respectively. If BA ter- 


the input parameters, w, Xx 
minates with success, set y' equal to Yo? the value returned, and 
go to Step 7. If BA fails, terminate and report failure. 


Step /: Set Yp equal to y', terminate and report success. 


Crutch Algorithm 


This algorithm extends the sequence of slices to a slice which 
+ 
passes through a crutch relative to the input parameter y . It uses an 
internal variable Xun which is initialised to {X45 Xoo cee Xn at 


entry. It uses the input parameters w’ and x for calls to BA. 


Step 0: Pick a chain from Xoa — call it X 4° Go to Step l. 
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Step 1: Attempt to construct a uni-chain macro-move down Xj that 
fits yr feasibly and that is as large as possible — however, 
terminate the macro-move at the first point where the slice, 


* 
Y , produced by the macro-move satisfies: 


(i) dy" H1x,) # ay" 1x,) of Ba, d(@,) > d(y" 1 x,) where 
Pr ie aia 
Y X5 a, Y Xx 
i.e., either y* contains a crutch or a hump er was crossed. 
and (ii) d(y Hx,) # as, (y) a x4) 


If the attempt succeeds, go to Step 2; if not, go to Step 3. 
Step 2: Add X, to X° and call for the performance of BA with the input 
parameters Pi x and w* as values for the input parameters 
y, X and &, If BA terminates successfully, then set Ye equal 
to the value, Yp? returned by BA and go to Step 5. If BA 
terminates unsuccessfully (then the macro-move y" + y is not 
acceptable and so), set yr equal to y and go to Step l 
(rather than to Step 0 as a larger uni-chain macro-move down 
X, than y° 4 a may be acceptable). 
Step 3: Delete x, from X,,. If X is now empty, go to Step 4; 


CA CA 
if not, go to Step 0. 


Terminate and report failure. 


Terminate and report success. 
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83.9 Adequacy of ASA 


Theorem 3.2, which follows, shows that the Augmented Safeness 


Algorithm is sufficiently potent to handle all vector demand graphs. 


THEOREM 3.2 The Augmented Safeness Algorithm applied to a 
slice of a vector demand graph terminates successfully if 


and only if the slice is safe. 


PROOF: The "only if" result follows from the fact that ASA 
terminates successfully only if the terminal slice of the graph is 
reached and from the fact that every slice in the sequence constructed 
is feasible. 

It remains to be shown that ASA never reports failure erroneously, 
i.e. when the slice being tested is safe. 

Suppose ASA failed even though the slice under test is safe. 

Let D be the demand graph and o the slice under test. Now fail- 
ure of ASA implies failure of BA, which implies failure of CA. Let y 


t 
represent the last value of Ms returned by BA. Then Y, is the last 
slice possessing the prefix property with respect to co that was found 
by ASA. At Yps all attempts by BA to use the test of Theorem 3.1 failed 
and BA asked for the performance of CA, which reported failure. That 


CA reported failure when applied at Ye implies that all attempts to use 


crutches failed sooner or later. 
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In terms of the tree of Figure 3.8b, the (sub-) tree rooted at 
Ne contains asterisked, triangular and plain nodes only. The leaves 
of the tree are plain nodes and these slices have the property that 
there are no accessible crutches below them, i.e. there are m barriers 
By (on the m chains) relative to each such slice 6. The arcs between 


§ ax; and p all have demands strictly greater than that on 6 XxX,;- 


Let Bs» for all m values of i, be the lowest of the barriers Be i.e. 


B, for all slices of the form 6 


™ 
V 


Since o is safe and since Y, possesses the prefix property 
with respect too, Ye is safe. Thus there exists a connected sequence, 
LZ, of feasible slices from Y_ to Yr Let o' be the first slice in 


D to pass through one of the B,'s. Say o' passes through B,- Then 
Mx. <o' Ux. <8. j € [1, m j k 
AX; x, <8, Jf fn iF 


' 2 
Y, UX, <9 AX, = BL k € [1, m] 


It will now be shown that the connected sequence of feasible 
slices Ye ... o' can be transformed into one that can be produced by 
ASA. Since ASA was unable to produce it, a contradiction will result. 
This will imply that a sequence such as i cannot exist. 

Let the macro-move ¥9 o' be broken up into uni-chain macro- 


MOVES, Lys Hos ++ Ha? so that 
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at 
YE MyHy ses Ha =o 


Consider an intermediate slice, y', in the sequence Ye? o' 


that terminates a uni-chain macro-move, and say 
os 
y Ve MyHo o++ My 


iA ° . a 
Let y'' represent the slice Vp HyHo eee Heyy and say Hp,, is a macro 
move on X ). 


Then two cases can arise: 


Case 1 d(y" 1x.) 4 d(y' 1 xQ) 
In this case Heay consists in moving to a relative crutch, i.e. 
a crutch relative to y'. (It should be noted that an arc wy which 


satisfies: 


d(a,) s d(y' 1x,) 


is also a crutch with respect to y,) In this case, Hey is to be left 
unchanged. 
Case 2 a(y" 1x ,)> dy! EH x,y) 
In this case y" HX, is not a relative crutch. Here two 
sub-cases arise: 
Case A There is an are qa, on X yo between y' 


£ 


and y", that satisfies 
d W 
d(a,) # d(y" Hx,) 
i.e. a hump was crossed. 


In this case is left unchanged. 


Pedy 
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Case B_ There is no arc on Xo? between y' and y", 


that satisfies 


d(a,) #d(y" a x) 


In this case the are y" MX) has the greatest demand 
of all arcs on Xy between y' and y" (inclusive). Two 
further cases can arise. 


Case BL There is an arc a) 


On X ps be- 
tween y' and vy" and as close 


to y' as possible, that satisfies: 
! 1 
ata) # d(y' 1x,) 
and d(S (aj) # d(ay) 


In this case, Head is shortened to stop at a 


slice passing through a Let the remaining part of 


t 
L£° 


' 
Heyy be labelled Heyy: 


Case B2 There is no such arc Oy. 
In this case Heyy is shortened to A, the null 
move. Let the remaining part (i.e. Heyy) be labelled 
T 
MEHL" 
In either of the two cases Bl and B2 above, no point is 


served in carrying out immediately after Mery and Mead 


' 
Peay 
can be consolidated with any later uni-chain macro-move, Hs 


down Kye For the macro-move Hero eee Uy still fits 


+ t tt if 
Vpbyeo see Heay feasibly, as the demand on (ai/y mt XY 
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is no greater than that on y". (If there is no later move 
down Xy and ¢ #k, then Mey can be dropped, while if 


g=k then fad can be carried out towards the end of the 


sequence y, + o', i.e. after Hg?) 


To summarise Cases 1 and 2, either consists in moving to 


Mead 


a relative crutch or in crossing a hump, or can be shortened to 


Mea 


consist in moving to a relative crutch. (The shortening may reduce Mea 
to a null move 4.) In any case, Hey, is or can be made a move of the 
kind that the Augmented Safeness Algorithm produces. 

Let the uni-chain macro-moves when consolidated and transformed 
be labelled by u's with asterisks, so that Heaye for instance, becomes 


* 
uu . Then it is clear from the discussion above that the slice re- 
£+1 


** * 
sulting from the application of any macro-move, HyHg +++ Mes to Y, 


has a demand no greater than the demand of a slice resulting from the 
application of the corresponding macro-move Wyo ++ Hes to Ye° Thus 


- i i lread de) fits 

the macro-move HesyHerg cee Hg (ignoring moves already made) 
* * : ibL ‘i P * * * fol 

Y,-UyHo +++ He feasibly and, therefore, so too does MerpHers vee Ha fe) 


lowed by Ly b> save Hg (ignoring those included in a i due to consol- 
idation). 

One thus gets a sequence of uni-chain moves, of the kind ASA that 
generates, which leads from Y, to o' by means of feasible slices 
alone. 


But this is absurd, since is the lowest of the barriers 


By 
discovered on Xk by ASA! 
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Thus the sequence L cannot exist and ve must be unsafe. As 


Y possesses the prefix property with respect to o, this implies that 


t 


o is unsafe. Thus, the "if" part of the result in the theorem has been 
proved. 

Q.E.D. 

The reader who is still skeptical about the necessity for the 

complicated interactions and backtracking in the Augmented Safeness 
Algorithm, should remember that the algorithm is expected to handle all 
cases and, in particular, the case illustrated in Figure 3.9, In that 
figure it will be seen that if a choice of crutches is made so that one 


' and y" can 


reaches Y; then two conditionally acceptable slices y 
be found (which possess the prefix property with respect to y ) before 


it is realized that there is no way in which Yp can be reached from 


y". It is necessary then, to backtrack to y and (perhaps with some 
further fumbling) move to Y. instead of y. The sequence of slices 
ARO RET Y, batts Ye illustrates that Yp can be reached from y by way 
of Yo° 


Careful observation of the Augmented Safeness Algorithm, and the 
Crutch Algorithm in particular, shows that in the worst case it tries 
out all possible crutch combinations in an enumerative manner. It is 
interesting that this is not a fault of the way the algorithm works. 
This is stated more precisely in Theorem 3.3 below. A few definitions 


and a lemma lay the groundwork for Theorem 3.3 and these follow. 
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$3.10 Characterization of Safeness Algorithms 


By algorithm is meant an algorithmic test for the safeness of 
an arbitrary slice of an arbitrary demand graph that attempts to con- 
struct a connected sequence of feasible slices from the test slice to 
the terminal slice of the demand graph. 

A local algorithm is one which, at any point in the construction 
of a connected sequence, has the partial sequence of slices constructed 
up to that point as the only information about the demand graph on which 
to base its decision regarding what move to try next. Thus, a local 
algorithm does not know about the entire remaining portion of the demand 
graph and, therefore, cannot make only the correct move (in the defined 
technical sense) every time. Similarly, a local algorithm does not have 
recall abilities in respect of futile past moves other than to recall 
that they were futile. Thus, it cannot sweep down the chains one at a 
time and thereby gain (and store) knowledge of the whole or part of the 
remaining portion of the demand graph. (Were one to assume such an 
ability, then it is clear that an arbitrarily large memory would be 
required to store the information, as the chains can be of arbitrary 
length. Since any realistic memory has finite capacity, such an assump- 
tion is clearly unrealistic.) It can be seen, easily, that both the 
Modified and Augmented Safeness Algorithm are local. If the order 
X4° Xos oe X is used whenever chains are to be picked, then this ob- 


viates the need for recording futile use of chains. The use of the set 
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x of preferred chains is not crucial to the working of ASA — it 
merely makes ASA more efficient. 

A local algorithm is said to be a limited-backtracking algorithn, 
if one can generally partition the sequence of slices it produces into 
two or more sub-sequences, the initial and terminal slices of which 
possess the prefix property with respect to the slice whose safeness is 
being investigated. The Safeness Algorithm of Chapter 2 and the Aug- 
mented Safeness Algorithm are limited backtracking algorithms. An 
equivalent definition of a limited backtracking algorithm is one that 
states that the sequence of moves constructed can be broken up into 
macro-moves such that each such macro-move is applied to and produces 
a slice possessing the desired prefix property. Let these macro-moves 
be called correct macro-moves. A limited backtracking algorithm is said 
to be linear if the number of macro-moves examined, before the correct 
macro-move to apply at an intermediate point, characterized by the slice 


y, is found (or it is discovered that none exists), is always less than 
A.f(n,, Tos Ngy see n 


where: A is some constant, f(n,, Nos oes n is linear in the Ty» 
m 
i.e. of the form > a, n, (where the a, are integer constants), and 
i=l 
n, is the number of relevant arcs on chain Xs below y. If the function 


f increases with the ny faster than any linear bound does, then the al- 


gorithm is said to be of higher order or non-linear. 
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In the case of the Safeness Algorithm of Chapter 2, the number of 
macro-moves examined at a time is at most m, i.e. A=m and 
f(n,, Ros see n) = 1, and the algorithm is thus linear. An example of 
an algorithm of higher order is the Augmented Safeness Algorithm. (This 
statement is clarified in the theorem below.) In the case of the Aug- 
mented Safeness Algorithm, the relevant arcs are crutches with respect 


to y, so that ns is the number of such crutches on X;° 


The lemma which follows is essential to the proof of Theorem 3.3. 


LEMMA 3.4 Let D be the demand graph defined by Figure 3.10. 
The arcs marked Bi By; irate Br are m barriers on the m 
chains. The arcs marked l.u.b. are arcs whose demands are 
the least upper bounds of the demands on the two arcs on 
either side of these arcs. The arcs marked a, are crutches. 
Let y, be a feasible slice that is accessible from y 
and is distinct from y. If a lies above the barrier slice 
BiB, ina Bis then %, cannot possess the prefix property with 


respect to y. 


PROOF: Since Xe is accessible from y, the macro-move y Ys 


fits y feasibly. Let this macro-move be broken up into uni-chain 
macro-moves so that y > ¥ = Lyi ee bas 


Let Me be a macro-move down chain Xoo and let Yiyhg vee veel 


be referred to as gai" Then there are two cases: 
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X1 x2 Xm 
e ¢ 9 
oe eS eee eer o 


(py 9059-0) (94 2Po2+*0,) Y 


l.u.b. l.u.b. 


sa 
1 
By l.u.b. 
By (0,05 uy suisse) 
cemvees QO) [CO Oss sc aainse (0,0,.......+-0) 
Capacity = (Cy sCys++++C,) 


< 
ll 


[ Cc. - (m-1)p. ] +k ; .> 03 C, > keg. + (m-k). (5,41 
j ( 0; by 5 = KP; (m-k) (0, ) 


Bo [ Gn (m-1)o, ]-k; Wy, 293 Qe (m-k).o, + k.(p, +1) 
Of the arcs a: 
(i) Exactly k have the demand (py 2Oy2+ +O, ths --p,-ts--0,) 
(ii) The rest have the demand (py 2092+ -py7to+-p,tls--p,) 
h 


eins f st th ‘ bs 
The critical resource is the j ; the h component is specified so as 


to ensure that each a, is a crutch relative to y but d(a, ) dd(yu X)° 


Figure 3.10 
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1 
Case 1 a(y, 1x,) # dy_y A X,) 


In this case Vaal meets all the conditions of Lemma 3.1 and, 
therefore, vs cannot possess the prefix property with respect to y. 
t 
Case 2 dy, AX,) s dlyg.1 A Xy) 
In this case Yg-1 HX, must be one of the arcs marked "l.u.b.". 
Thus Yqa1 OX, must have a greater demand than the arc, a', preceding 
it, viz an qa or the arc y AX p. 
Let He be the previous move down Xo Then YHy eee Uely AX, 
must lie above qa' or be a’. 
° 1 - 
If YHy e+ Mely OX, is q@' then the move le can be de 
leted at this point. Since Heyy cee Hot will fit 
YH] ses Mey feasibly. Let Yeyog se He yHeey cee Heed be 
Yo" Then Yo is accessible from ae since the move Hee 


which is consolidated with Mg? fits YG and leads to Yo" 


a 
Thus % meets all the conditions of Lemma 3.1 and, therefore, 
vs cannot possess the prefix property with respect to y. 

* ' 
If YUyHo +e Mex, lies above q', then H, can be shortened 
so that YoyHg see He includes aw'. Once again Yuyby see Mga 


meets all the conditions of Lemma 3.1 and, therefore, Yp can- 


not possess the prefix property. 
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The values of demand have been chosen so that there is exactly 
one set of k crutches which must be used to cross any barrier at all. 
Non-obstructive arcs are arcs whose demand vectors are such that any 
feasible slice that includes £ arcs that are crutches, for any 
£< m- 1, (and shares the remaining arcs with y) is accessible 
from y. The arcs marked l.u.b. are non-obstructive arcs. For 
if y, is a slice going through £ crutches, then Cy 1 x,/a,)Y, 
where a, is a crutch, is feasible and so is Yo" That any 
feasible slice that uses 2 crutches in addition to arcs from 
y is accessible from y will be used below. 

Since a local algorithm has no way of knowing which combination 
of crutches is correct other than by trial and error, as many as 
Z- 1 trials can be wasted, where Z is the number of possible crutch 
combinations of from 1 to m ~ 1 crutches (one from each chain) ata 
time that correspond to slices accessible from y. Here n= 1, 
for all values of i, and since all slices using fg crutches are ac- 
cessible,Z = gun. 

The non-linearity of a local limited-backtracking algorithm 


is thus obvious. 
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To further simplify understanding of the example, Figure 3.11 
shows a special case of Figure 3.10. 

The construction of Figure 3.10 is quite general, in that k can 
be an arbitrary integer between 1 and m-1 and can be chosen suitably. 
Now suppose a limited back-tracking algorithm is given. Since 
it is local, it must examine the combinations of the crutches in some 
order, and for each combination of r crutches it tries out some moves. 
However, since there is only one combination that works, all other 
trials are wasted. The number of trials wasted can be made non-linear 
by choosing a value of k appropriate to the algorithm. (It should be 
noted that the choice of values for C. and C, ensures that all slices 
which use from 1 to m-1 crutches are feasible and accessible from y.) 

For example, consider an algorithm that uses the crutches lL 
at a time, 3 at a time, etc. up to m-l or m-2 (whichever is odd) at a 
time and then 2, 4, 6... at a time. 


Pick k = 2. Then the number of wasted trials 


= } (no. of combinations - r crutches at a time) where m' = m-l or 
(rc odd) 


= the sum of the coefficients of an re x, ee anata oo 


in (1 +x) (L+x)( )C€ )... GQ+x) 


: ; 2 gmat , ; , : 
The right hand side is 2 > which is non-linear in m. 


=05- 


Capacity = (19,19,19) 


(With reference to Figure 3.10, m=3,n=3,k=2,h=1, j=2) 


The 'correct' combination of crutches 


is ont and a, 


Figure 3.11 
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Comment 1: The proof technique above is really quite conservative for 
Figure 3.9 shows that merely being able to cross the barrier is not a 
guarantee of being able to reach a slice that possesses the prefix 
property (without further backtracking). 
Comment 2: It is clear that if no combination of crutches (from 1 to 
m-l of them) permits crossing of any barrier, then y (and hence co) is 
unsafe. 

The theorem above indicates that the Augmented Safeness Algorithm 
is in a sense optimal. As long as the Basic Algorithm succeeds the num- 
ber of sequences examined in vain is at most m-1 and consequently the 
algorithm is linear. When it fails, it is necessary for the Crutch 
Algorithm to try crutches in a trial and error fashion to get past the 
barriers discovered earlier by the Basic Algorithm. It then tries to 
reach a slice possessing the prefix property (by use of the Basic Algo- 
rithm); the Basic Algorithm can then be used again. 

The rest of this chapter deals with special cases of the recti- 


linear vector demand graphs discussed so far. 


3.11 Locked Data Bases and Semaphores 


One of the resources that can be shared in an unpreemptible manner 
in computer systems is a set of data bases that have locks on them; only 


one user or process at a time can use such a data base. Tables of 
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miscellaneous varieties in the operating system software are typical en- 
tities of this kind. 

The lock is exactly analogous to Dijkstra's semaphores [10], A 
process examines the lock to see if it is set; if it is net set (the corre- 
sponding semaphore has value 1) then it is set (the semaphore is 
decremented by 1). The lock stays set until the process using the data 
base relinquishes control — at this time the lock is reset again. Of 
course, semaphores are more general than locks, in that they can be used 
for coordination of activities in general. However, whether processes 
use semaphores or locked data bases, deadlocks can occur. The corre- 
sponding demand graphs have demand components which are always either 
O or l and C is (1, 1, ... 1). The techniques described in this chapter 
can be used to examine the consistency of use of semaphores (or locked 


data bases) by a set of users or processes in such a system. 


$3.12 Job Shop Scheduling 


A problem of considerable interest in the field of operations re- 
search is that of scheduling a set of manufacturing jobs in a workshop. 
Say the workshop processes raw stock of some kind in several steps to 
produce useful items. There could be variations in processing for dif- 
ferent raw stocks and different items. In any case, one can draw up a 
job chart, which describes which processes have to be performed and in 
what order. The jobs are then to be scheduled on the different machines 


that do the processing. 
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One can represent the jobs by a demand graph of the kind shown 
in Figure 3.12. Each arc has a demand consisting of zero's and one's 
corresponding to the machines it does not and does need, respectively, 
in that phase. The General n/m Job-Shop Problem [11] deals with n jobs 
and m distinct machines — in this case the demand graph has n chains 
and each demand vector has m components (the interchanged notation is 
confusing and regrettable). C is (1, 1, 1, ... 1), indicating that there 
are m distinct machines. Thus the Job Shop can be represented by a re- 
stricted class of demand graphs. 

However, it is important to note that each arc of the demand 
graph of Figure 3,12 that has a non-zero associated demand is followed 
by an arc with a zero associated demand. This is true for all Job Shop 
problems, as the operations are performed one at a time and jobs can lie 
between two machines — having been processed by one (freeing that ma- 
chine for other work) and awaiting processing by the other. But this 
feature automatically ensures that any slice of the demand graph that 
is feasible is also safe! Thus deadlocks and examination of safeness 
are not important issues in Job Shops. Rather, it is the minimization 
of processing time (average or maximum) for a set of jobs that is an 
interesting problem — particularly, as the time required for each op- 


eration is quite predictable. 
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XY] X92 X3 
(0,0,0) (0,9,0) (9,0,9) 

Y 

(1,0,9) (1,0,0) 
(1,0,0) 

(0,0,0) (0,0,0) 

(0,1,0) (9,9, 0) (0,1,0) 

(9,0,9) (0,0,0) 
(0,9,1) 

(0,0,1) (1,9,0) 

(9,0,0) (0,0,0) (0,0,0) 


Capacity = (2,1,1) 


Figure 3.12 
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JNemand Graphs For ¢ystems With 


Interacting and Internally Parallel Activities 


Chapter 4 
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4.1  Arboraceous Demand Graphs 


In this chapter the constraints on components of demand graphs 
are relaxed somewhat. The components will look like trees but with 
more than arc incident on some nodes. Since the word epee’ has been 
used to describe what wees” call arborescences, both terms will be 
avoided. Instead the term arbour will be used. An arbour is a finite 
directed graph that is circuit free, i.e., that has no directed cycles. 
An arbour always has at least one node with indegree zero and one with 
outdegree zero. An arboraceous demand graph is a demand graph whose 
components are arbours and whose arcs are labelled with demands chosen 
from the set of n-tuples of integers. The capacity associated with the 
graph is also such an n-tuple. No distinction will be made between 
vector and scalar demands on arboraceous demand graphs, except where 
exceptional properties appear in graphs with scalar demands. Initial 
and terminal ares are respectively out-going arcs of transitions with 
zero indegree and in-coming arcs of transitions with zero outdegree. 
Initial and terminal arcs have zero demand. Transistions with indegree 
one and outdegree greater than one are called forks after Conway [14]. 
Transitions with indegree greater than one are known as points of syn- 
chronisation or points of interaction. Every point of synchronisation 


must have at least one outgoing arc. 


T See [12] for instance 


See [13] for instance 
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In terms of systems of processes sharing resources, arboraceous 
demand graphs represent systems in which processes are not necessarily 
either sequential or independent. Such systems, with parallel or inter- 
acting processes or processes that are both, arenot uncommon. In terms 
of the construction analogue of Chapter 1, contractors may undertake 
more than one project at a time, with the projects sharing initial or 
final phases of activity but being independent otherwise. Alternatively, 
some projects may be too large for one contractor and may be undertaken 
by several contractors with division of the work into independent se- 
quences of tasks with some interaction between contractors. In com- 
puter systems such as MULTICS [15] processes can produce other processes 
and interact with each other by means of the "block" and "wake-up" 
primitives. The interaction that has been mentioned so far is explicit 
interaction, that is interaction other than through the sharing of 
limited resources. There is one kind of interaction, however, that is 
modelled like explicit interaction even though it is occasioned by re- 
source sharing. This is mechanism for acquisition of write access 
capability in systems which guarantee determinacy of computations — 
such as those of Van Horn [16], the implementation in MULTICS of which 
is discussed by the author in [17]. In Van Horn's systems, a clerk 
(process) which possesses read-access capability for a shared data 
object acquires write access capability for it when every other clerk 
has relinquished its read access capability. This behaviour cannot be 


modelled merely by treating such a data object as one kind of resource. 
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Rather, the dependency of the first process on the others has to be 
modelled explicitly, as in Figure 4.1 where the process represented 
by the chain that begins with oP) is the one that waits to acquire 
write access capability before proceeding with the phase represented 
by Qy- 

When arboraceous demand graphs represent systems of users, the 
users are not in one to one correspondence with the components of the 
demand graph; for two or more interacting users appear as one com- 
ponent. Rather, the only construct in the demand graph that indicates 
the number of users in the system represented is the number of initial 
arcs. If every user's processes merge or join [14] before his activity 
terminates, then the number of terminal arcs in the demand graph rep- 


resenting the system also indicates how many users the system has. 


4.2 Slices and Related Concepts 


A sliver in an arboraceous demand graph is a cut-set of a com- 
ponent of the demand graph. A slice of an arboraceous demand graph is 
a set of slivers, one from each component-graph. Slices are denoted by 
lower case Greek letters other than a and B — usually y. The pendant 
sub-graph of an arc consists of the arc and the arbour from its 
terminal transition, t, i.e., the maximal arbour, with t as the only 


transition with zero indegree, that is a sub-graph of the graph. The 
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Figure 4.1 
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pendant sub-graphs of the arcs in a slice of an arboraceous demand graph 
are termed the chain-graphs defined by the slice. Clearly, the chain- 
graphs defined by a slice are not necessarily disjoint. In rectilinear 
demand graphs chain-graphs are chains and this is what suggests the 
terminology for arboraceous demand graphs. Chain graphs are repre- 
sented by x. 

As in Chapter 2, since a slice of an arboraceous demand graph 
partitions the transitions of the graph, one can speak of the predecessor 
Set and successor set of a slice. The relations "earlier than or the 
same as" and "later than or the same as" for slices are represented by 
"s" and "2", respectively, and are defined exactly as in Chapter 2. 

The initial slice, Yp> and terminal slice, Vir? of a demand graph 
are defined as in Chapter 2. 

A frustum of a demand graph is the part of the graph that lies 
between two slices, one of which is earlier than the other. The frustum 
defined by slices Yy and Yo of a demand graph D, where Y1 < Yoo is 
denoted by F(D, Vy Yo)- A frustulum is a component of a frustum. The 
frustula of F(D, Yy> Yo) are denoted by £5 (0, Yy> Yo)» for the ria 
frustulum, or simply f, when the frustum referred to is clear from the 
context. By analogy to entire demand graphs, cut-sets of frustula are 
also termed slivers — the components of the demand graph are the 
frustula of F(D, vp Yp)- In rectilinear demand graphs, frustula are 
chains. Figure 4.2a shows a frustum of a demand graph and Figure 4.2b 


shows the frustula of the frustum. As indicated in Figure 4.2 
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(The dashed arcs are not in the frustum) 


Figure 4.2a 
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Figure 4,2b 
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transitions immediately following the slice Yo and immediately pre- 
ceding the slice Y, are part of the frustum F(D, Yy> Yo)s but forks 
preceding Yy are split up into as many nodes as there are outgoing 
arcs and points of interaction are split up into as many nodes as 
there are incoming arcs. As a consequence, in Figure 4.2b, the sub- 
graphs marked f. and fy, or those marked f and f, are distinct frustula. 

The concepts of immediate-successor slices, moves, macro-moves, 
uni-chain macro-moves, connected sequences of slices, runs, feasibility 
and safeness of slices, etc., carry over directly from Sections 2.6 and 
2.9, 

The slices of an arboraceous demand graph representing a system 
correspond, as before, to the statesof the system. The number of 
chain-graphs defined by the current slice corresponds to the number of 
processes in the system in the current state. As before, a state is also 
called an allocation state and feasible slices represent meaningful al- 
location states. Safe slices represent states from which the processes 
can be scheduled so as to run to completion without deadlock. In gen- 
eral, the interpretations of Chapter 2 carry over. However, the term 
"user" is now not necessarily synonymous with the term "process" since a 
user's activity may involve several processes, even though it involves 


only a single process initially. 
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Capacity = 10 


Figure 4.4a 


Capacity = 10 


Figure 4.4b 
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then the graph of Figure 4.4a can be transformed into that of Figure 
4.4b which does not exhibit inherent deadlock. There are instances, 
however, when such a transformation does violence to the representation. 
For the processes may deliberately be withholding resources from other 
processes until certain conditions are satisfied by the latter processes, 
satisfaction of the conditions being signalled by the processes reaching 
the point of interaction. Consequently, although it is tempting to pre- 
scribe a transformation of arboraceous demand graphs so as to duplicate 
the arcs preceding and following a point of synchronisation and replace 
the demand on the one near the point by the g.1.b. of the demands on the 
arcs on either side of the point, no transformation will be prescribed. 
However, the spirit of the transformation should be borne in mind in 


the specification of a demand graph for a system of processes. 


4.5 The Prefix Property 


As with rectilinear demand graphs, it is desirable to have 
limited-backtracking algorithms for determination of the safeness or 
unsafeness of a slice. This requires extension of the prefix property 
to arboraceous demand graphs. 

The set of extensions Env) of an arboraceous demand graph is 
the set of arboraceous demand graphs that are identical to D until y, 
and that have the same capacity as D. An element of EY Y) is an ex- 


tension of D with respect to y. If D' is such an extension, then 
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F(D', Ype y) = F(D, Vy: Y), where Vr is the initial slice of D'. 
The definition of the prefix property is identical to that in 


Chapter 3. 


4.6 Necessary and Sufficient Conditions for the Prefix Property 


It should be clear from the discussion thus far that arboraceous 
demand graphs can be analyzed like rectilinear demand graphs as far as 
necessary and sufficient conditions for the prefix property are con- 
cerned. For the frustula of F(D, Vy: y) correspond to the chains 
intersecting y in a rectilinear demand graph, the demand on a sliver 
of a frustulum corresponds to the demand on an are of a chain in a recti- 
linear graph, and so on. 

Thus, the results in Lemmas 3.1 to 3.3 and Theorem 3.1 can be 
translated directly for arboraceous demand graphs. They are stated be- 
low as Lemmas 4.1 to 4.3 and Theorem 4.1, respectively. The proofs are 
similar to those in Chapter 3 and only the variations will be ex- 
plained. In general, the proofs of Chapter 3 apply with substitution 
of "frustulum" for "chain" when the reference in Chapter 3 is to the 
part of a chain above a slice, and "chain-graph" for "chain" when the 
part referred to lies below a slice, of "sliver" for "arc","move down 
a chain-graph" for "move down a chain", etc., where appropriate. The 
notation "y nf" stands for the sliver in which y intersects the 
frustulum f. of some frustum, and d(y f.) for the demand on that 


sliver. 
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LEMMA 4.1 Let D be an arboraceous demand graph and let y 
be a feasible slice of D that intersects at least one 
frustulum of F(D, o, y) in a sliver with non-zero demand, 
where o is a feasible slice of D that is earlier than y 
and from which y is accessible. Let D* be the exten- 
sion of D with respect to y defined by Figure 4.5, and 
oy be any slice of D that is of the form Fi> which is de- 
fined below. Then the slice y possesses the prefix 
property with respect to o only if whenever the slice 
oT is accessible from o, the slice y is not accessible 


from Sy. 


A slice, 4 of this form satisfies the 


1 1’ 


following conditions: 


Form F 


(i) of 65 <y 
(ii) 84 and y share at least one arc that has a 
non-zero demand 


(iii) d(y) # 464) 


COMMENT It will be recalled that the proof of Lemma 3.1 in- 
volves constructing an extension in which o is safe but y is not. 
This is done by following y 1X5, where X, is the chain on which y 
and 61 share an arc, by an are qa', whose demand is just small enough 
for (a'/6, Hx ;)6) to be feasible, The arcs on X, (k # 3) following y 
have demands in D' which are such that uni-chain macro-moves down the 


x, 's fit (az/y 1Xx5)¥ feasibly for some ordering of the k's, where 
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The Extension D* 


Figure 4.5 
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a is the terminal arc of X; in D'. Thus Yr the terminal slice of D' 
is accessible from oT but not y. 
In the case of arboraceous demand graphs D' is similary con- 
structed with chain-graph read for chain. Accessible slivers of 


frustula play the same role as arcs that are not barriers in rectilinear 


graphs, 


LEMMA 4.2 Let D be an arboraceous demand graph and let y be 
a feasible slice of D that intersects at least one frustulum 
of F(D, o, y) ina sliver with non-zero demand, where o is 
a feasible slice of D that is earlier than y and from which 
y is accessible. Let D* be the extension of D with respect 

to y defined by Figure 4.5 and bo be any slice of D” of 

the form Fy» which is defined below. Then the slice y _ pos- 
sesses the prefix property with respect to o only if every 


85 is inaccessible from o. 


Form Fy A slice, S55 of this form satisfies the 


following conditions: 
(i) ao < 6, <y 
(ii) 85 and y share at least one arc that has 
a non-zero demand 
(iii) d(y) # 46,) 
(iv) a, af,) sd(p f.) for all slices, 0; 
which lie between o 


and 89 (inclusive) 
and for all frustulaf,. 
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COMMENT In the case of Lemma 3.2 use is made of Lemma 3.1 


and condition (iv) in F, is shown to imply that y must be accessible 


2 


from S85. The accessibility of y from 6 is shown by modifying the 


2 
moves from o to y that fit y feasibly to fit bo. 

In the case of arboraceous demand graphs too the moves can be 
modified to fit bo. As in the proof of Lemma 3,1, one can consider 
moves Up and Hy, so that the slice resulting from the application 
of Hy is the first one in the sequene of feasible slices from o to 
cross bos etc, 

LEMMA 4.3 Let D be an arboraceous demand graph and y bea 
slice of D that intersects at least one frustulum of 

F(D, o, y) ina sliver with non-zero demands, where o is 
a feasible slice of D that is earlier than y and from 
which y is accessible. Let Dp" be the extension of D with 
respect to y defined by Figure 4.5 and 8, be any slice 
of D™ that is of the form F3s which is defined below. Then 


Y possesses the prefix property with respect to o if 


* 
whenever 6 is accessible from o, Vp the terminal slice 


3 
* s 
of D , is not accessible from 54. 
Form F, A slice, 5,, of this form satisfies the 


3 


following conditions: 


3? 
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(i) o< $4 
(ii) Either $4 and y share at least one arc 
that has non-zero demand or 6 includes 


3 


at least one terminal arc of D’. 

(iii) a(y3) ¢ d($4) where Y3 is the slice ob- 
tained by replacing arcs in y by terminal 
arcs of D’, on all those chain-graphs of ng 
defined by y that 8, intersects in 
terminal arcs. 

COMMENT tit will be recalled that the proof of Lemma 3.3 is 
similar to that of Lemma 3.1, in that it involves modifying a sequence 
of moves from o to Vers the terminal slice of an extension D' in which 
o is safe, to fit y feasibly. Exactly the same technique is applicable 


to arboraceous demand graphs. 


THEOREM 4.1 Let D be a vector demand graph and let y bea 
feasible slice of D that intersects at least one frustulum of 
F(D, o, y) in a sliver with non-zero demand, where o isa 
feasible slice of D that is earlier than y and from which 
y is accessible. Then y possesses the prefix property with 


respect to o if 


d(y H f.) <d(p Uf.) for all slices, 0, that lie 
between o and y (Cinclu- 
sive) and for all frustula, 


f.. 
i 
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for such graphs cannot be linear. To prove this would merely require 
translation of Lemma 3.4 and Theorem 3.3. In fact, even translation 
is unnecessary as rectilinear demand graphs are special cases of 
arboraceous demand graphs. 

However, even with scalar demands arboraceous demand graphs can 
have only non-linear limited-backtracking algorithms. This is proved 
in Theorem 4.2 below. The term "crutch" and "barrier" may be applied 
to slivers in addition to arcs in the rest of this chapter (although 
"barriers" are usually arcs), asthe slivers of interest consist of 


single arcs in those instances. 


THEOREM 4.2 There does not exist a linear limited-backtracking 
algorithm for arboraceous demand graphs even when the demands 


and capacity are chosen from the set of integers. 


PROOF: Consider the demand graph in Figure 4.7. Suppose one 
has constructed a partial connected sequence of feasible slices from 
co to y and suppose y possesses the prefix property with respect to 
Go. 
Because of the choice of values for the demands associated with 
the a's and B's, each arc labelled ~ or § has a demand that is greater 
than the demand on the arc in y that lies on the same frustulum of 


‘ % 
F(D, y; y ). No slice, y', that lies strictly between y and y can 
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possess the prefix property with respect to y. For the macro-move 
y + y' can be broken up into exactly m uni-chain macro-moves 
Hy> Ups cee He because of the relations between demand values indicated 
in the previous sentence, and the slice Yuy is a slice that satisfies 
all the conditions of Form Fi in Lemma 4.1. 

Thus the next slice that possesses the prefix property with re- 
spect to y lies below ,. 

Careful observation of the figure shows that there is exactly 
one ordering of the chain-graphs Xyo Xgo eee X defined by y for 
the uni-chain macro-moves making up the macro-move y 4 _ that fits 
y. This order is Xz Xgo eee X in the figure but can be made 
aribtrary by permuting the values of demand on the a,'s and B.'s. 

As there is no way in which a local algorithm can determine the 
one order that is correct, other than by trial and error, the number of 
futile trials, consisting of uni-chain macro-moves, can be (conserva- 


tively speaking) as large as 
: 2 
(m-r) + (m-4r) +... m- 4r times = (m - r) 


For each of the m - r uni-chain macro-moves, 


Hy bP ee (2,/Y,-4 XY for the values of j in [r, mJ], fit 


Yet" Of these all but one are incorrect. However, that the macro- 
move HG #4) is incorrect is not discovered until m - r futile uni- 


chain macro-moves (down Xpo Xeape cee Xj-2? xX eos Xn are tried 


j+1? 
from Yea1'5° 
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Thus as many as 


2 


Gace ay? ap 29)" hate =: (m - 1)(m)(2m - 1) 


trials can be wasted, 

The non-linearity of any limited-backtracking algorithm follows, 
since there is always a graph that has a "correct order" different from 
that used by the algorithm, andin fact a correct order that is as bad 
as the worst. 


Q.E.D. 


4.9 On the Non-local Nature of Algorithms for Arboraceous Demand Graphs 


Consider the frustulum shown in Figure 4.8. Two slivers s and 3" 
are shown there. Suppose o is a feasible slice which contains s and 
y is the feasible slice (a /a)o. The slice y does not possess the 
prefix property with respect to o because the slice (s,/s)o is a 
slice of the form Fy in Lemma 4.1. However, if a safeness algorithm 
were to use the macro-move o 4 y_ shown by the sequence of dashed 
slivers in Figure 4.8, then (s,/s)o is not a slice that is part of the 
connected sequence o ... y. That a general limited backtracking al- 
gorithm needs information about slices that are not in the sequence of 
slices it constructs to determine whether a macro-move is acceptable or 


not, means that such an algorithm is not local in the defined sense. 
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It may be local in the broader sense that it uses only the initial part 
of the demand graph up to the slice reached. 

The problem is not restricted to demand graphs of which the 
frustulum in Figure 4.8 is a part. Rather, it is a consequence of two 
facts. The first fact is that there are more slices in a frustulum 
which is followed by a point of synchronisation than in a sequence of 
slices that is produced by a macro-move that crosses it. The other fact 
is that crutches such as those in Ss, can lead to slivers of smaller 


demand in combination with other crutches. For instance, in Figure 4.8, 


se 


the sliver s has a demand no greater than that of any of the dashed 
slivers encountered, andyet this is not so with respect to Sy° Thus a 
translated version of the Modified Safeness Algorithm of Chapter 3 would 
have (erroneously) declared the macro-move o 4 y acceptable! How- 
ever, this version of the Modified Safeness Algorithm would not be in 


error in this manner if the demands were scalar; for if 


a' #a and b' ¢b 


then 


a'+b'¢at+b! 


which is not necessarily true for vectors, as the arcs Ays @y and 


show in Figure 4.8. The sliver s has a smaller demand than 


ge 1 


2? % 
s does and also a smaller demand than (5 / Cy )s or (aj /a,)s do. 


Let Y, be a slice that uses the sliver s_ and % a slice 


ale 


that uses s.. Then the fact, that all the feasible slices that are 
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accessible from a and that lie betweeen 2 ss and Y, need to be con- 
sidered if Theorem 4,1 is to be applied in an algorithmic test, is 
crucial to the understanding of the General Safeness Algorithm. This 
algorithm is presented in the next section. Fortunately, s need not 
be earlier than the last sliver that meets the test of Theorem 4.1, 
relative to the corresponding sliver in the test slice, on each of 


the chain-graphs that join at the point of synchronisation. 


84.10 The General Safeness Algorithm 


The General Safeness Algorithm, or GSA for brevity, is an al- 
gorithmic test for testing the safeness of a slice of an arboraceous 
demand graph. It attempts to construct a connected sequence of feasible 
slices from the test slice to the terminal slice of the demand graph. 
Some new terminology is useful in the description of the GSA and is 
indicated below. 


. . F t : 7 
The pre-synchronisation sliver, Bea? of a point of synchronisa- 


tion, t, is the sliver that contains exactly those arcs which are the 


incoming arcs of t. Similarly, the post-synchronisation sliver, 


t 


eost? of t is the sliver that contains exactly those arcs which are 


the outgoing ares of t. Figure 4.9 shows the pre-synchronisation 
sliver and post-synchronisation sliver of a point of synchronisation. 
The efflorescence €(t) of a point of synchronisation, t, is the 


frustulum of F(D, Yy> ¥,2 that contains the arcs incident on t — where 
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FUNDAMENTAL ALGORITHM 


FA is similar to the Basic Algorithm of Chapter 3. The input 
parameters W and y are respectively the reference slice and the cur- 
rent conditionally acceptable slice. In case of successful termination, 
FA returns a slice, Yp? that possesses the prefix property with respect 
to W, Nothing is returned in the event of failure. 

The set Xen is in internal variable. The set S is an input 
parameter and a set of slices that are relevant to the application of 
the test in Theorem 4.1. S, is a similar set except that it is of 


t 


temporary interest and is an internal variable. X_, is an input 


FA 
parameter and is a set of chain graphs. 
Step 0: Set S, equal to 4, the empty set, and XoA equal to Xeae 
Go to Step l. 
Step 1: Add y to S.+ Go to Step 2, 
Step 2: Pick a chain-graph from Kea - call it Xie Go to Step 3. 
Ste : Attempt to construct a uni-chain macro-move, y, down Xq 
that fits y and is as large as possible, but terminate the 
macro-move at the first point where the slice y' resulting 
from the application of wz satisfies one of the conditions 


given below. In any case, add the slices resulting from the 


component moves of wu to the set See 


(i) d(y' x,) sd(p x) for all slices p that lie be- 
tween y and y' (inclusive) 
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Go to Step 4. 
(ii) y' is following by a fork, f, 

In this case perform the Fork Algorithm (FkA, for 
brevity) with y', Xa and f as values for the input 
parameters Vy? Xp and fo 

If FkA terminates with failure, go to Step 5. 

If FkA terminates successfully, set y and Xo 
respectively equal to Ye and 5 the values returned, 
and go to Step 4. 

(iii) y' is followed by a point of synchronisation, t. 


In this case, go to Step 5 after setting Ss. to $, 


1 


Step 4: If y' satisfies: 


d(y' o f.) < d(p f.) for all slices p in § 
and for all frustules, fi, 
of F(D, »®, y') 
then set sf equal to y', terminate and report success. 
If y' does not satisfy the above condition then add 
' ' 
S.. to S, set y equal to y' and both Xe and Xp equal to 
the set of chain-graphs defined by y', and go to Step 2. 
Step 5: Delete X from Koa Le XoA is now empty then go to Step 6; 
if not, go to Stepl, 
Step 6: Perform the Sync Algorithm (SA) with y, %, Xen and S as re- 


: : a 
spective values for the input parameters, You? SA? Kon and 
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Ss If SA terminates successfully, set y' equal to 


SA* 
ae the value returned, and go to Step 4. If SA terminates 
with failure go to Step 7. 


IN 


Perform the Crutch Algorithm (CA) with y, %, X,, and S as 


Step FA 


f ;: s 
respective values for the input parameters You? “ca? Koa 


and So If CA terminates successfully, set y equal to 


AS 
* 


Yoa? 


with failure, terminate and report failure. 


the value returned, and go to Step 4. If CA terminates 


SYNC ALGORITHM 


Hone Mag ONE Soa 


The algorithm searches the chain-graphs in Xoa one at a time until a 


point of synchronisation is reached. If it finds such a point, t, it 


Input parameters to this algorithm are Yga? 


seeks the aid of the Syne Crosser Algorithm (SCA) to extend the sequence 


from Yon $9 8 post-synchronisation slice of t and (recursively) asks 


for the performance of FA. The parameter Yon is a slice. Xan is an 
internal variable and is initialized to Xoae Son is a set of slices. 
Step 0: Set Xan equal to Xion and go to Step l. 
Step 1: Pick a chain from Xen — call it X,;- Go to Step 2. 
Step 2: Attempt to construct a uni-chain macro-move, u, down X 

that fits Ysa and that is such that Yoga is followed by 


a point of synchronisation, t. 
If the attempt is successful go to Step 3; if not go to 


Step 4. 
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Step 3: Perform the Sync Crosser Algorithm (SCA) with Yoalls Kon and t 
as values for Ysca Xeon and toons respectively. If SCA 


terminates successfully, set Yga and Koa respectively 


* 


* 
equal to Ygca and Xeon? 


the values returned, augment Soca 
* 
with Soca which is returned, and go to Step 5. 


If SCA terminates with failure, go to Step 4. 


Step 4: Delete X4 from xX} If X/, is now empty go to Step 6; 


SA* SA 
if not, go to Step l. 
Step 5: Perform FA with Won Yga? Xan and Son as respective values 
for 4, y, XoA and S. 


*x 
If FA terminate successfully, set Ysa equal to Yp? the 
value returned, terminate and report success. 
If FA terminates with failure, go to Step 4. 


Step 6: Terminate and report failure. 


Syne Crosser Algorithm 


This algorithm uses the Enumerative Algorithm (EA) to build up 


* 


a set, Soca 


of slices that are feasible and accessible from, Ygcar one 


of its input parameters and determines if the pre-synchronisation sliver 


t 3 ° 
Ard of, tocas another input parameter is accessible from Yoca‘ The 
2 2 2 * 
parameter Xeon is a set of chain-graphs as is Xoo? but the former 


is an input parameter and the latter is returned upon successful 
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* 
and the set § of slices are also re- 


* 
termination. A slice, Ygca? SCA 


turned upon successful termination. 


Step 1: Construct the set of chain-graphs in the efflorescence of 
° ' t 
tocas Call it Xeon’ (At worst, Xoca can be set equal to 
Xocar) Go to Step 2. 


Step 2: Perform the Enumerative Algorithm with SCA and Yscq 28 


respective values for the input parameters. 


. * * * 
If EA terminate successfully, set Soca? Ygca and Xeon? 

* * * 
respectively equal to the values Sea? Yea and Xe returned, 


terminate report success. 
If EA terminates with failure, terminate and report 


failure. 


Enumerative Algorithm 


This is a recursive algorithm similar to the Crutch Algorithm of 
Chapter 3, except that it asks for the performance of EA instead of the 


Basic Algorithm and that it needs to use FkA at forks and to treat 


* 


points of synchronisation as barriers. It builds up the set SEA of 


feasible slices accessible from Yea and terminates with success if 


t 
(s (3. 


the slice that is identical to y,, except that it 
pre EA 


Ves 
EA BA Se 
uses the pre-synchronisation sliver, is in SrA‘ 


. : * s P t 
is returned, as is Yea? which is (s post! ©) Yea? and 


Upon successful ter- 


* 
inatio 
mination SEA 


* : : * 
Xpa? the set of chain-graphs defined by Yea‘ 
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CRUTCH ALGORITHM 


This algorithm is similar to its namesake in Chapter 3, except 
that it uses FkA when necessary and seeks performance of FA instead 


of the Basic Algorithm. 


FORK ALGORITHM 


It takes three input parameters, a slice Ypo 2 set of chains 
Xue and a fork fe If the slice through the post-fork sliver (this is 
similar to the post-synchronisation sliver, conceptually) i.e., 
Spost/®y¥e is feasible, it terminates with success and returns this 
slice as Ys and the chain-graphs it defines as ae No value is re- 


turned if FkA fails. 
94.11 Isolation of Efflorescences 


The SCA algorithm in the previous section assumed that the 
efflorescence of a point of synchronisation can be isolated. The task 
is far from easy as Figure 4.10 shows. In Figure 4.10, if the chain- 
graph of y were searched from top to bottom to determine if t lies 
on them, a fairly long and futile search down the chain-graphs marked 
X¢ and Xf is possible before it is realized that t is not on it. 


Besides, unless the points of synchronisation are labelled too, there 
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is no way of distinguishing one from another. 

The isolation of an efflorescence becomes considerably easier 
if the demand graphs are constrained so that graphs such as that in 
Figure 4.11 are ruled out; for them the chain-graphs can be labelled 
conveniently. The constraint can be described precisely if the 
notion of generations is associated with chain-graphs. For this pur- 
pose it is useful to use chains again. A chain-graph of Yr starts 
out as a chain and sub-divides into more chains, with consolidation 
occurring at some points of synchronisation. Points of synchronisation 
will be referred to as joins. 

The first constraint requires that all points of synchronisation 
have exactly one outgoing arc. It will be recalled that forks have 
exactly one incoming arc. This makes it possible to introduce the 
concept of generation. 

The chains that are chain-graphs defined by vy belong to the 
first generation. At a fork, such a chain gives rise to two or more 
chains of the second chain. Each chain of the second generation gives 
rise to chains belonging to the third generation at a fork, and so on. 
Similarly, chains give rise to a chain of one lower generation at a 
join. However, this leads to an ambiguity if chains of different 
generation meet at a join. The second constraint, therefore, re- 
quires that only chains belonging to the same generation can meet at 
a join. 


Chains of second or older generations that arise from a chain, 
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Figure 4.11 
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that is a chain-graph defined by Yy» are called siblings. All chains 
of the first generation are also siblings. 

The third constraint requires all chains meeting at a join to 
be siblings in addition to belonging to the same generation. 

These three constraints are necessary for consistency of gen- 
eration numbering. 

Figure 4,12 shows arcs marked with the generations of the chains 
they belong to. The demand graph of Figure 4.12 satisfies all the con- 
straints. 

Figure 4.13 is a copy of Figure 4.11 but shows a one-digit 
position per generation labelling with increasing numbers from left 
to right on outgoing arcs of a fork. It is seen that the efflorescence 
of t consists of all chain-graphs that are labelled with a leading 1. 

The constraints described above have a meaningful interpretation 
in terms of processes in a computer system. They state that processes 
are created by a computation to carry out an internal computation and, 
therefore, no other computation knows about the processes. A similar 
argument is used for processes of the third generation, and so on, 
Since only processes of the same generation that are siblings "know 
each other", only they can interact. The constraint on points of 
synchronisation that they have only one outgoing arc is a relatively 
artificial constraint, though. However, it does simplify the task of 


isolating efflorescences. 
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Loops and Decisions 


Chapter 5 
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5.1 Unrestricted and Augmented Demand Graphs 


A demand graph was defined in Chapter 2 to be a finite directed 
graph with demands on the arcs and a capacity associated with 
the graph. The analysis in Chapter 4 dealt with all but demand graphs 
with circuits or directed cycles. Sections 5.2 and 5.3 aim at an in- 
formal study of the effect of cycles in demand graphs on the analysis 
of deadlocks. The study is informal because the complexity of the 
graphs to be considered becomes unmanageable. Moreover, the analysis 
of Chapter 4 suggests that there can be much repetition of familiar 
techniques, so that an analysis of the differences alone may suffice. 
Section 5.4 deals with augmentation of demand graphs to include a 
mechanism for the representation of decisions and alternative alloca- 
tion possibilities in processes. There, too, an informal discussion 
of the effect of such augmentation on the analysis is presented. Be- 
cause the discussion is informal, there is an underlying assumption 
in all sections that the demand graphs that should be considered are 
those that represent meaningful behaviour by users of systems, rather 


than general members of the classes of graphs considered. 


$5.2 Unrestricted Demand Graphs 


Unrestricted demand graphs are the demand graphs defined in Sec- 
tion 2.2, and thus include cyclic graphs. However, rather than treat 


such graphs in general, the discussion in this section and the next 
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deals with rectilinear demand graphs in which arcs have been added for 
the purpose of creating cycles. Figure 5.1 shows an example of such a 
graph. 

The demand graph of Figure 5.1 exhibits overall loops, i.e. 
it is a rectilinear demand graph in which the corresponding terminal 
arcs and initial arcs of chains are joined. The graphs thus consist 
of chains and rings. Demand graphs with overall loops will be referred 
to as annular demand graphs. 

In terms of systems of processes, annular demand graphs represent 
repeatable or recurrent processes. The manufacturing industry provides 
several instances of recurring processes in the field of operations re- 
search. In interactive computer systems, a process that responds to 
editing commands or a process that handles console commands is an ex- 
ample of a recurrent process. 

It is clear that slices of annular demand graphs can be defined, 
exactly as in Chapter 2, as sets of arcs, one from each chain. However, 
the slices do not form a lattice as they did in Chapter 2, since Y1 < Yo 
and Yo x v1 do not necessarily imply that Y, = Yo° Feasibility and safe- 
ness of a slice can be defined as before. However, as Figure 5.1 shows, 


' is safe too. 


if a slice such as y is safe, then a slice such as y 
For the (now merged) initial and terminal arcs have zero demand and the 
arcs on any chain have a demand that does not exceed the capacity of 


the graph. Thus annular demand graphs may be analyzed by cutting each 


ring at any arc that has zero demand and analyzing the rectilinear 


demand graphs that result by the techniques of Chapter 3. 


> 
a 


(eleteiaietentetetentetaateteteetaata Stems 
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Figure 5.2 shows another form of cyclic demand-graph, viz one 
with an internal loop. Although moves across transitions having more 
than one output arc have been interpreted so far as representing the 
initiation of parallel processes, it is clear that such an interpreta- 
tion would be meaningless for the demand graph of Figure 5.2 A useful 


interpretation would consider a transition, such as t, in Figure 5.2, 


1 
which has several outgoing arcs, one of which is part of a loop, as 
representing a point of choice. Consequently, a slice of such a demand 
graph should not be defined, as it has been in Chapter 4, in terms of 
slivers that are cut-sets of component sub-graphs of the demand graph. 
Rather than attempt to find an appropriate definition of a slice for 
analysis of deadlock, it may be worthwhile to determine if the loops 
can be meaningfully rectified; for then the definitions of slices, safe- 
ness, etc., used in Chapter 3 as well as the analysis in that chapter 
can be used. 

Now a loop in a demand graph such as that of Figure 5.2 rep- 
resents the fact that the phases represented by the arcs around which 


the loop is drawn (the three arcs Ay» Xs, and a, in Figure 5.2) may 


3 
occur more than once and, in fact, an unpredictable number of times. 

Consequently, in rectification of such a graph, it must be ensured that 
a slice such as y in Figure 5.2 is considered safe only if it is safe 


no matter how many times the string of arcs @ is repeated in 


a 
1? “2? %3 
succession. The rectified graph used for safeness analysis must, 


therefore, use an adequate number of copies of the iterand, viz the 


GS 


ia wal x S fs 5 
Capacity = (15 } 


Figure 
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v,. The problem of determining what number of copies is 


segment G1, Gos %, 


adequate will be referred to as the adequate rectification problem. 


$5.3 The Adequate Rectification Problem 


Consider the slice y in Figure 5.2. If using one copy of the 
iterand is adequate, then Figure 5.2 shows that y is safe. However, 
the result is fallacious, since it is clear that if the phases represented 
by the iterand do get repeated then deadlock would result in the system 
represented. Figures 5.3a and b show an example in which y is safe 
when two copies of the iterand are used but not when three copies are. 

Figure 5.4a shows a somewhat different example, in which the slice 
y is safe when one or two copies of the iterand are used (Figure 5.4b) 
and also when any larger number of copies is used. The difference 
seems to lie in the fact that in Figure 5.4b one can find a slice Y' 
that is accessible from y and that has the property that a uni-chain 
macro-move across the entire iterand fits y' feasibly. Clearly a se- 
quence of any number of such macro-moves across copies of the iterand 
would fit y' too. 

In general, let y be the slice whose safeness is being examined. 
3 


Let y be safe when l, 2 ... n copies of the iterand are used, and 


3 td) 


let n be the smallest number such that when n copies are used, a slice 


y' is accessible from which a uni-chain macro-move across the entire 


t 
n 2 copy of the iterand fits y' feasibly. Then n is the number of 
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copies that represents "adequate rectification." It would seem quite 
likely that n varies from test slice to test slice. 

It would appear that in demand graphs with scalar demands one 
copy is adequate. This is because a reduction in demand cannot be 
selectively for one component only (as was the case with arc a in 
Figure 5.4a). 

The number of copies referred to above is the number of complete 
copies — the qualification is redundant except when the test slice it- 


self includes an arc from the iterand. 


5.4 Manifold Demand Graphs 


A Manifold Demand Graph is an augmented form of demand graph in 
which some transitions with more than one output arc are marked with 
the logical Exclusive Or symbol. Such transitions represent points of 
choice in the processes. A process takes only one of the many paths at 
such a point during a run. As in Section 5.2, the aim of this section 
is to examine the effect of such an augmentation on the analysis of 
deadlock and, consequently, the demand graphs considered will consist 
of chains. 

A point of choice may arise in processes because the choice of 
activity to be undertaken next depends on a decision that is based on 
a predicate which cannot be evaluated until this point in the process. 


It may arise also from the presence of versatile resources in the 
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system. Such resources can serve as well as resources of another type 
and, therefore, may be used in place of the latter if these are un- 
available at the time. 

As discussed in Section 5.2, the problem of a suitable definition 
for slices arises. Once again, it is tempting to try and avoid the 
problem by replacing the multiple chains of ares emanating from such 
transitions by a single representative chain. The analysis of recti- 
linear demand graphs in Chapter 3 would then be applicable. 

The choice of a representative chain depends on what is repre- 
sented. If the point of choice represents a stage where a process auto- 
nomously chooses one path, then the representative chain should represent 
the "worst" alternative. If, on the other hand, the point of choice rep- 
resents a stage in a process where one of several combinations of re- 
sources can meet its needs, so that the alternative paths represent the 
availability of choice to the resource allocator, then the "best" alter- 
native is the one that should be represented. Since deadlock avoidance 
is of interest, the terms "best" and "worst" presumably represent the 
choices that are respectively most and least likely to make slices safe. 

Unfortunately, which alternative is "best", say, depends on the 
slice being tested and, consequently, a local algorithm has to try all 
the alternatives one by one. This is illustrated in Figures 5.5 to 5.7. 
In Figure 5.5, slice Yy is safe only if the left hand alternative is 
used, while Yo is safe only if the right hand alternative is used. 


Figure 5.6 shows that even with scalar demands, the choice of an 
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alternative is not easy. In that figure the chain that has the larger 
maximum of demands on arcs is not inferior; for o is safe only if the 
right hand alternative is used. Figure 5.7 shows that even if a chain 
has the smaller maximum of are demands and the smaller minimum of arc 
demands, it can be "worse" than the other; for slice o is safe only 
if the right hand alternative is used. 

The selection of a "worst" alternative runs into similar problems. 

Thus it is necessary to redefine a slice so that it is a set of 
arcs, one from each chain, with alternative chains emanating from a 
transition that represents a point of choice considered to be a single 
chain. Safeness algorithms have then to try the alternative chains one 
at a time until either a chain that can be crossed is found or all the 
chains can be crossed — the choice depends on whether the alternatives 
represent a decision by the process represented or a choice by the re- 
source allocator. This, of course, increases the amount of backtracking 


and probably makes it non-linear. 
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Conclusion 


Chapter 6 
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$6.1 Demand Graph Analysis of Resource Sharing — in Perspective 


Deadlocks due to resource sharing are a result of limited re- 
sources and hoarding of allocated resources. In general, the avoidance 
of deadlock requires control of the acquisition of such resources by 
users, the entities that acquire and release resources. Total se- 
quencing of the users, so that they proceed one at a time until com- 
pletion, is always possible if no user ever needs more resources than 
are in the pool. Such control is gross and wasteful. Finer control 
requires information about resource usage by users. 

The demand graph model is a model for the representation of 
information about resource usage by users when their activity can be 
divided into phases of known and steady resource usage. What scale 
of activity a phase represents can vary with the circumstances. The 
ability to represent a set of phases as a single phase whose demand 
is the least upper bound of the demands of the original phases is the 
key to this facility. The assumption of Habermann [3], that only the 
maximum demands of a user are known, corresponds to combining all the 
phases (other than the initial and terminal arcs) of the subgraph that 
represents the activities of a user and representing them by a single 
phase, whose demand is the least upper bound of the demands of all 
slivers of the sub-graph. It thus represents one extreme. However, 
there is a whole range of scales of representation on one side of that 
extreme, and demand graph analysis serves to illustrate what can be 


done in that range. 
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§6.2 Non-linearity in Algorithms 


Between Scalar and Vector Demand Graphs there is a quantum jump 
in the amount of computation that a safeness algorithm has to do in the 
worst case. While it is to be expected that the amount of computation 
in the worst case increases as the number of components of demand in- 
creases, the increase would seem to depend more on the particular 
figures of demand encountered than on the number of components. For 
the Augmented Safeness Algorithm becomes non-linear only when it finds 
barriers before it finds arcs with total reduction in demand that sat- 
isfy the test of the Basic Algorithm; thus it is clear that the oc- 
currence or non-occurrence of such lows of demand is what determines 
the amount of computation. However, the likelihood of occurrence of 
such lows in all components of demand may decrease as the number of 
types of resources in the systems represented increases. 

It should be borne in mind that the non-linearity of the Aug- 
mented Safeness Algorithm is also a consequence of its local nature. 
The proof of non-linearity of the Augmented Safeness Algorithm as- 
sumed that even when barriers are discovered on all chains, the con- 
siderations for a slice to possess the prefix property must still be 
based on arbitrary extensions — not just those that also have barriers 
on all chains. This assumption was based on the particular defini- 


tion used for local algorithms. 
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The principal cause for the non-linearity of the Augmented Safe- 
ness Algorithm is the fact that there are situations in which exactly 
one combination of crutches is useful and this can only be discovered 
by trial and error by a local algorithm. 

The principal factor in the proof of non-linearity in arbo- 
raceous demand graphs even with scalar demands is the existence of 
situations in which a pre~synchronisation slice is accessible by 
exactly one sequence of chains on which to make moves. Here, too, if 
the demands on arcs incident on and emanating from points of syn- 
chronisation are small enough, then the amount of computation a safe- 


ness algorithm has to use does not become very large. 


6.3 Demand Graph Analysis in Operations Research 


The problem of deadlocks is as serious in transportation, manu- 
facturing, maintenance, etc., as it is in computer systems. That it 
has not been recognized in operations research is unfortunate, since 
the fields to which operations research addresses itself are those 
that are commonly encountered. 

The assumptions for the demand graph model, viz that processes 
go through phases of known and steady resource usage, are particularly 
apt for manufacturing and other similar spheres to activity. The ex- 
ample of a maintenance hangar for aeroplanes in Chapter 1 is a case 


in point. 
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It should be pointed out that the assumption of an asynchronous 
nature for the processes in the analysis is not crucial, and its viola- 
tion does not invalidate the results as far as scheduling problems in 
operations research are concerned. For deadlocks are caused by 
hoarding and improper coordination of the acquisition of resources by 
activities, not by the unpredictability of the durations of various 
phases of activity. That these durations are not known in asynchronous 
systems, merely implies that the activities should be viewed as dis- 
crete phases with a sequencing structure, rather than as continuous 
on-going activity. 

The effect of knowledge of processing times or duration of 
phases is to make the various connected sequences of feasible slices 
from a safe slice to the terminal slice unequal — some sequences may 
be preferred over others, say because they result in a lower average 
running time for the processes. However, if a slice is not safe, then 
no schedule will allow all the processes to complete without deadlock. 
Thus considerations of deadlock prevention have the effect of elimi- 
nating certain schedules from the set of schedules that are considered 
for minimization of running time. All the work that has been done so 
far on selection of schedules that optimize running times can be ap- 


plied to this reduced set. 
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$6.4 Use of Demand Graphs in Computer Systems 


Deadlocks can occur in computer systems because processes com- 
monly hoard resources such as locked data bases, main memory in sys- 
tems with a single level memory, etc. Thus it would seem that demand 
graph analysis would be useful, and the next few sections touch upon 
some of the relevant issues. 

The discussion in Chapter 1 pointed out that the scale for 
description of a computation (the activity of a "user" or a set of 
"users') as a sequence of phases can be chosen to suit the circum- 
stances. Thus, it is possible to consider a phase as representing the 
execution of a single procedure or of a set of procedures, for instance. 
In other instances the phases may represent execution of parts of a pro- 
cedure. The scale can, therefore, be chosen to suit the circumstances. 

Although the discussion thus far has not touched on the effect 
of priorities, the use of priority schemes is not precluded. The 
analysis of Chapters 2 to 5 is invariant with choice of a priority 
scheme. It is perfectly reasonable to have any scheme, whatsoever, to 
select one or a few of several competing processes to receive resources, 
as long as allocating those resources corresponds to a move to a safe 
slice in the demand graph representation. In fact, one can even rep- 
resent facilities such as guaranteed service, by modifying the safeness 
algorithms. If a certain sequential process needs to be guaranteed 
of always being able to proceed with the next k phases (for some value 


of k) as soon as it finishes the current one, then the safeness algorithm 
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can be modified to assure such a process; for it can be made to ensure 
that every sequence of moves it constructs, during a test for safeness 
of any slice, begins with a uni-chain macro-move across k transitions 
on the chain representing that process. A page swapping process may 
perhaps be an instance of such a process. 

Interactive systems are somewhat different. In such systems a 
user needs to be guaranteed not just of being able to complete his 
computation, but of being able to complete it within a reasonable 
amount of time. This "reasonable wait" constraint is usually quite 
strong and may imply either that the ability to preempt resources is 
required, no matter what the cost, or that computations should not be 
accepted until the expected time to completion is less than a certain 
limit. In such instances the analysis of demand graphs is still quite 
useful although, at times, only to provide guidelines or a philosophy, 
rather than to be applied directly and in detail. 

System designers should not be distressed by the non-linearity 
of safeness algorithms for vector demand graphs. The large amounts of 
computation that non-linearity implies relate to worst cases and not 
necessarily to ordinary cases. Secondly, compromises are possible, 
since it is only required that the states that are permitted to occur 
are represented by safe slices not that all states that are represented 
by safe slices be permitted to occur. The cases in which the amount of 
computation begins to become rather large could be handled by refusal 


to consider the states represented by these slices for allocation. 
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Thus requests from processes for additional allocation may be denied 
because the slice representing the state that would result is unsafe, 
or because determination of its safeness takes too much computation. 
In this context the discussion in Section 6.1 on the scale of repre- 
sentation is quite relevant. In any case, the results in this thesis 
point out the sources of complexity and the degree of complexity that 
can be encountered. Non-optimal givaveies may be more practical and 
better, as long as extremes are avoided. The non-linearity of the 
Augmented Safeness Algorithm could thus be only of academic interest. 
Moreover, good heuristics could probably be found for commonly oc- 
curring situations. 

Finally, there is a trend towards making resources preemptable 
on the one hand and effectively infinite on the other. The implementa- 
tion of virtual memory schemes on multi-level memories is indicative 
of this trend. The trend is immensely desirable. However, deadlocks 
owing to sharing of locked data bases will continue to arise in com- 
puter systems, making coordinated allocation of such resources to 


avoid deadlock imperative. 


The should be pointed out that the Basic Algorithm in Chapter 3 only 


uses a sufficient condition (rather than a necessary and sufficient 
condition) as a test, anyway. 
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Conclusions and Future Work 


The demand graph model for the analysis of deadlocks is not the 
last word on the subject. Chapter 5 showed that the techniques of 
analysis become unmanageably cumbersome for unrestricted and augmented 
demand graphs. This is largely a consequence of the complex structures 
that these graphs exhibit. However, good algorithms for testing the 
safeness of slices of such graphs need to be devised and may require 
considerable ingenuity. 

Moreover, there are several situations that demand graphs are 
incapable of representing. An output process for a group of recurring 
or cyclic processes that treats pieces of data from all processes 
symmetrically and operates with a finite buffer memory, which it shares 
with other output processes, is such an example. The full power of 
(unsafe) Petri nets [8] is required for the representation of such a 
system. For Petri net "conflicts" are required to represent the sym- 
metrical treatment of pieces of data from all processes and the init- 
iation of output as soon as possible after any such piece has arrived, 
without pre-ordained sequencing of the handling of outputs from the 
various processes served. This would suggest that Petri nets with 
numbers (demands) on places and constraints (capacity constraints) may 
be worth examining ab initio with a view to representing systems for 


analysis of deadlock. 
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In concluding, it should be pointed out that the work in this 
thesis represents an attempt to construct models for activities in 
systems so as to aid understanding and analysis of systems. Computer 
systems, in particular, need such models to aid in the understanding 
of fundamental problems. Such models are also required to provide 
tools for debugging of systems that are so complex that comprehension 
of the whole is almost impossible. The fact, that in using demand 
graphs to analyze consistency of use of locks on data bases one can 
construct the demand graph one process or one computation at a time, 
is of great value. For then mechanical tools (such as safeness algo- 
rithms) can handle the interactions of the parts in the complex whole. 
It is to be earnestly hoped that more debugging tools of this nature 


will be devised. 
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An examination of the lattice of slices of a demand graph such 
as that in Figure 2.4 shows an apparent redundancy of information. For 
instance, in the lattice of Figure 2.4 ,all the arc labels have appeared 
in slice labels by rank 4. This suggests that a test of a kind differ- 
ent from that considered in the main body of this thesis may be possible. 
Such a test would utilize this observation, viz that the first few ranks 
of the lattice of slices contain a good deal of information. The test 
is, in general, a (K, p) feasibility test, i.e. a test which seeks p 
connected sequences of feasible slices from the test slice, y, toa 
slice K ranks above y in the lattice. 

The test that is of particular interest is a (K, 1) feasibility 
test, especially because it is comparable to the tests discussed earlier. 
It should be interesting to determine how large K has to be in relation 
to he the rank of Vr relative to y. In determining such a lower 
bound on K, however, it is proposed to take a more mathematical approach 
in this appendix than has been taken so far. The intent of the analysis 
is to explore the effectiveness of such an approach rather than to obtain 
a tight bound for K. The investigation will therefore concern general 
questions such as what patterns of feasibility and infeasibility over the 
lattice of slices can be obtained, and so on. The mathematical tool that 
will be used is the theory of linear inequalities. 

The reason why it appears, intuitively, that some patterns of 


feasibility and infeasibility may not be attainable is because these two 
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types of constraints are opposite in nature and, therefore, could give 
rise to a contradiction. For example, suppose slices AnByC, and 
A3B, Cy of a three-chain demand graph were required to be feasible. Then 
could AyB,Cg and AzB5Co both be infeasible? Clearly not, for the fea- 


sibility requirements imply that 
d(A,) + d(B,) + 4(C,) < C 
d(A,) + d (Ba) + d(C.) = 
d(Ay) + d(By) + d(C) + d(A) + d(B) + d (C3) eo 2C 
ie [d(A,) + d (Ba) + d(C,)] + [d(A,) + d(By) + d(C,)] < 2C 


which clearly contradicts the infeasibility constraints. 

In simple cases such as the example shown above, the incompati- 
bility of the (four) constraints may be quite obvious. When a large number 
of constraints is involved, however, the incompatibility of constraints 
may be much less obvious. For this reason, it is proposed to seek sim- 
pler tests based on the exhibition of a well defined structure by the 
constraints. The principal task, then, is to determine what structures 
have important implications in this regard. It will be assumed that the 
demand graphs are rectilinear and that in any example the number of chains 
and the number of arcs on each chain are known, as is the capacity asso- 
ciated with the graph, but that values of demand that satisfy a given set 


of constraints are sought. 
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The discussion to follow assumes scalar demands but it is con- 
jectured that the results are valid also for vector demand graphs. 
Each requirement of feasibility of a slice imposes a constraint 


of the form 


m 
\" th ; 
i, 4 < C for the j such slice 
1= 


J 


. . ‘ i ; : 
where a, is the concise notation for d(q, ) and the superscript j 


L i 
merely serves to identify the slice to which the inequality relates. 
Similarly, each requirement of infeasibility imposes a constraint of the 
form 
m m 
are % j 
iz an et C or ye (-ay ) < -C 


1 : i 
i=l 


The question of the compatibility of the feasibility and infea- 
sibility requirements thus reduces to that of the consistency of a set 
of inequalities made up of inequalities of these two types. The theorem 
which follows relates to this question directly. It is taken from 


Cernikov [18]. 


"Theorem 3.4 . Let 
f. x a, s 0 i alee 2, 3, eee M 


be an arbitrary compatible system of inequalities over the linear space 


+ 
L(P) where P is an arbitrary ordered field , then the system 


Tea [9]. 


f,@)-a, <0 jek, 2 3a Se 
f.(x) - a, s 0 {em PLS wee 
J J 

x € L(P) 


is compatible iff the equation 


LD uf) = 0 with the unknowns uj, uy, --. UL 


has no positive solutions satisfying the condition 


= ° tT 
ayy +... tau =0; uy + Uy Se wit > 0 


In the discussion which follows, the linear space L(P) is the 
linear space over the field of rational numbers since the components of 
demand are rational numbers. 

An intuitive understanding of the theorem can be obtained by re- 


writing the inequalities as 


£ (x) < a, j=l, 2, .m's m' sm 
£, (x) s a, j=m' +1, m' + 2, m 
Each Es) is of the form By x, + B, Xt oe. B. x > where n is the 


dimension of the linear space L(P). Since multiplying an inequality by 
a positive constant leaves the inequality unaltered, if positive mul- 
tipliers 4, can be found which (after multiplication) make the sum of the 


left hand sides identically zero, then in a compatible system the 
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corresponding sum of the right hand sides must be greater than zero 
(unless no non-zero multiplier multiplies any inequality in the second 
group), or else one gets the absurd conclusion 0 < 0! What is less ob- 
vious, and therefore interesting, is that this condition is also suf- 
ficient for compatibility. 
Now, a given pattern of feasibility and infeasibility implies 


that a set of inequalities be true simultaneously. This set is 


m 
‘i at <¢ j € [1, p'] for the p' feasible slices 
i= 


m 
) (-al )< -C 4 € [p' +1, p] for the p-p' 


infeasible slices 


The theorem quoted above is applicable to this set of inequalities only 
if it is compatible when the inequality in the second group is changed to 
"Ne" But this is clearly true, since a value of & for each al re- 

i 
sults in satisfaction of all of the resulting inequalities. Therefore, 


the theorem is applicable to the set, A,,of inequalities given above. 


0’ 
In order to apply the theorem to the inequalities in Ags a 


correspondence of terms must be set up. Consider one of the inequalities 


in Ay: 
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a t+tae+...¢a SC (The j merely identifies the slice 


2 | Eo Um 
from which the inequality comes and 
hence which a. "s appear) 
i 
The variables here are the demands a. Let the total number of distinct 


i 
demand variables appearing in A 


the form 


where the column vector a is the vector of N demand variables, and the 


row vector, with m components having a value 1, serves to pick out 
those components of a which appear in the inequality above. Thus a 
corresponds to the x of the theorem. The row vector of 1's and 0's 
is called a selection vector. 


Now the equation 


in the variables u, is really an identity in terms of a, since the 
equation has to be true for all values of a. 
The two lemmas which follow interpret the implications of the 


theorem stated above in terms of two patterns of feasibility and in- 


feasibility. The patterns are described in terms of a substructure of 


0 be N. Then the above inequality is of 
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the lattice of slices called a hull, a precise definition of which appears 
later. 

A sub-lattice is a subset of the elements of the lattice which is 
itself a lattice under the same definitions for computing least 
upper bounds and greatest lower bounds. It can be shown that a sub-set 
of a lattice that is closed under the operations of the lattice is a 
sub-lattice. Consequently, one can generate a sub-lattice from any sub- 
set of a finite lattice by adding the elements needed to make the set 
closed. 

The hull of a set, A, of slices is the set of all slices, o, in the 
lattice that satisfy g.1.b.(A) <o < l.u.b. (A). Figure 1 shows the hullofa 
set of slices. The hull of a set of slices is a sub-lattice of the lattice 
of all slices since the hull is closed with respect to the operations 
of extracting the greatest lower bounds and least upper bounds of 
slices. It is clear that every slice in the hull of a set of slices, 


A, lies on a directed path from g.1.b.(A) to l.u.b. (A). 


LEMMA 1 Let D be a demand graph of m chains with n, arcs 


on the mh chain. Let Yy> Yoo ++ v3 be slices of D re- 


pele t Yq be slices re- 


quired to be feasible. Then a set of demands for the arcs 


quired to be infeasible and y 


of the demand graph that ensure that all these conditions 


are met exists if none of the slices Yq lies 


Yotl? 
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in the hull of Yypo eee Yp (or symmetrically, if none of 


the slices Ypoocee ve lies in the hull of Yo+1? ies a 


PROOF: The system of inequalities whose consistency is being 


examined consists of the two sets of inequalities: 


™m 
cae ;€ Tl, p] ----------- 2-22 -- ee 1) 
a. C J [1, p] ( 
isl * 
corresponding to the infeasible slices, Yi> Yoo Yo? and 
m 
ee eee 6 <6 Mipetbe. qlee eae aaa eee (2) 
i=l 7 
corresponding to the feasible slices, Yor? Yp42? eed Yq° 
Step 1: Suppose that positive multipliers Nao Nos see Ns and 


Bopper for the two sets exist such that 


m 
My 6) al ) to.e + aK )= Mtl 0. att) Pe otact Hg 6 yet Gy) 
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Then, for consistency, the theorem requires that 


P q 
Co) ri +@- ) nro 
j=l k=pt1 
be true unless Ms is 0 for all values of j. 

Consider the identity in (3). It will be noticed that as each term 
in parentheses relates to a slice, it contains exactly m variables, each 
with coefficient 1. Since one can multiple (3) through by the LCM of the 
denominators of the \'s and u's to get integer multipliers, it may be as- 
sumed that the \'s and u's are integers so that one can speak of the num- 
ber of terms on one side of (3). The number of terms appearing on the 
left hand side when (3) is expanded out is m EY, whereas that on the 
right hand side is m . Lye Since (3) is an identity, it is necessary, 


ptl 
inter alia, that these two numbers be equal. Thus 


P q 
#)%, = 4), Mk 
1 ptl 


Therefore, 


-C ur, +C Duy, = 0 


The system of inequalities consisting of (1) and (2), therefore, is 
inconsistent if positive integer values for the A's and u's exist 


that satisfy (3). 
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The identity in (3) can be rewritten in terms of the selection 
vectors so as to eliminate the variables. It then becomes the set of N 


equations 


1 Qe a selection vector for Yy 


selection vector for Yp 


= Coy aw) Sere Hg! selection vector for Yor. 


. 


selection vector for Yq 


Now both sides of this identity can be multiplied by the N x l vector of 
a's which corresponds to a. One then gets an identity which is identical 
to (3) but with arc-labels rather than demands in it. Call the new 
identity (4) — it is an identity of algebraic expressions whose terms 
are the arc labels an. 

That values Be the A's and u's that satisfy (3) should not 
exist, implies (in terms of the identity (4)) that values for the \'s 
and u's that satisfy (4) should not exist. That is, for consistency no 
permutation of the collection of labels of slices in a selection (with rep- 


etition) from the set {y,> Yoo see ae should produce a collection of la- 


bels that is also a permutation of the collection of labels of slices in 
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a selection of the same size from Vas ons ae (again with repetition 
allowed); selection of a slice more than once corresponds to a multiplier 
y (or «.) which is wreater than one. 
Step 2: Now consider a selection “ (in this proof, always with repe- 
tition allowed) from Ypocee Yi Then any permutation of the collectionof 


labels of these slices that yields slice-labels must satisfy the condi- 


tion that each component a of a new slice label satisfies: 


aa 


*,]l.b. of the are numbers s rx < l.u.b. of the arc numbers 


b . 
F Z 
ry Of the xj components rv; of the x; components 
of slice labels in © of slice labelsin 
therefore, 

, so he i = 
g.l.b. of the xy. arc oa “ i.u.b. of the x, are compo- 
components of the slices i nents of the slices in the 
in the selection * selection * 


since the arcs on each chain are numbered in sequence downwards. Thus 


g.l.b. of the slices < the slice in question < l.u.b. of the 
from the selection (resulting from a slices from the 
permutation) selection 


i.e., the slice lies in the hull of Nas Ge Rs 


1 Pp 

(For example one slice-label resulting from the permutation 

eee, 2.3% 2. 1 2.3 ‘ coe 
of BaV%o%q ANd HWA LS aA% HD, which clearly satisfies 
Eee? 35, CMD de yd he) 23 sek ad : 
Wh 5% 5 130325 14% 3%), » and 132305 does lie in the hull 
ae eee ee 

Boe Oe ge Ps es 
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Thus, if none of the slices lies in the hull of 


Negi He NG 
Vio tee ua then the collection of labels in any selection fron 
Yee? see Yo! Cannot be a permutation of the collection of labels in 


a selection from Vy: -.. y.}. Thus no inconsistency can result and, 
cE YY 


therefore, demands for the arcs exist so that both the feasibility and 


infeasibility requirements are satisfied. 


LEMMA 2. Consider a demand graph with m chains, the ri 
chain having n, ares. Let {Y1> ee VA? be a set of 
slices of the demand graph which lie in one rank, R, and 
let Yy> +++ ¥, be required to be infeasible. Further- 
more, let Yyo cee Vs completely partition their hull, 
i.e. there does not exist a slice at rank R that is in the 
hull of {Ya You ee Yo: but is not in {Y,> rae ety 
Then if values of demand can be found so as to make the 
slices Yy> Yoru ves ae infeasible and all the slices be- 


low rank R in the hull of {Yy> Vox tes Yp! feasible, then 


no slice that ‘ies above rank R in this hull can be feasible. 


PROOF: Let y be a slice in the hull at a rank greater than 


pe Ve ee WG } be a mini- 
qs 


a 


R that is required to be feasible. Let Y 
kh 
mal subset of Yq. ea Yat such that y is the l.u.b. of 


Vite Waaiar Wen. = That is, fy, , ... y. | is the smallest set of slices 
jy aj iF dig 
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at rank R whose l.u.b. is y. Such a set has to exist since the set of 
all slices at rank R that lie on a directed path from g.1l.b. 
Cys oib% Yo! to y certainly have y as a 1.u.b., and all such slices 


belong to the hull. 


Now it will be shown that slices y , ... Y all lying above 
s s F 
1 £-1 
rank R, exist such that the labels of y, Yay? Yas? sare Nei are permu- 
tations of the labels of y. , y. , -+- Y: > 
Jy 2 am) 


In the discussion that follows the labels of slices y, y' ... 


will be designated by y, y' ... . This should cause no confusion as the 

context should resolve any ambiguity. The labels ‘a vies Ve, are ob- 

tained as follows: Take out the elements that make up y from 

Y: » Ys 5 e+ Y. . Then take any of the 2 "stripped" labels remaining 

and distribute its components among the other g-1 stripped labels, giving 
each a component that is from the same chain as the one it contributed to 
y. The resulting labels are ‘5, Yg.2 oe Yee 


(The construction is illustrated for A, By Cos Ay B., Cy Ay By C4 


below: 
Te Yj ; ie Ag By Cy Ay B, Cy A,B,C, 
Y A, By Cy 
Stripped labels: By Cy Ay Cy Ay Bo 
——— a ae 
Result of distribution: Ay 1 Cy Ay By C, 
Clearly, (A, +B, + Cy) + (A, + B, + Cy) + (A, + By + C3) 


= (A, + Bz + C3) + (Ay + By + C)) + (A, + By + C,)-) 
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In general, it is obvious that jy, Ys.2 «0? Ye is a permutation 
£-1 
of y. . eee Yn 
43° a “ay 
It remains to be shown that y_ , Y_ , «+. Y all lie above 
Bike Po, Sg-1 
rank R and are therefore feasible — this, together with the feasibility 
of y and the infeasibility of Y; ; Y; 3 eee VG leads to an incon- 
2 £ 
sistency. 


It is obvious from the construction that 


Each component of a com- ss The corresponding com- 
pleted stripped label ponent of y 


For each label, Y,2 Some one component the relation is really "<" — 


this is the component received in the distribution, i.e. the one component the 


unstripped label alone can contribute to y. 


(E.g., By (in A, By C)) < B, (in A, Ba C3) above ) 

Thus each of the resulting slices Voce Vg meee ¥ has an index sum 
£-1 

less than R. 


LEMMA 3 


If a slice y of a demand graph is feasible but 


none of its immediate successors is, then no slice other than 


y in the hull of its successors can be feasible. 
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THEOREM Let D be an m-chain demand graph and let L be 
the rank in the lattice of slices of its terminal slice, Yo 
Let there exist a connected sequence of feasible slices from 
! 


a slice y of D toa slice, y', at rank L-m and let y 


have m successors. Then the sequence can be extended to Yr 


Lemma 3 follows from the fact that y is the only slice in the 
hull of its successors that lies above the successors. The theorem fol- 
lows from Corollary 1; for the hull of the m successors extends m-1 ranks 
below themselves, and thus encompasses a therefore at least one of 
the successors must be feasible (from Lemma 3) and one can apply the re- 
sult to the successors of that slice, and so on. 

The theorem above is a result, regarding a (K, 1) safeness test, of 
the kind that was sought at the beginning of the appendix. Undoubtedly, 
many more results of this kind could be proved. The aim of the appendix, 
however, is merely to indicate the nature of results that can be obtained 


by utilization of the theory of linear inequalities. 
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